Ticket #13797: VBoxStartup.log

File VBoxStartup.log, 287.0 KB (added by mnman, 10 years ago)

Line
1	1558.1090: Log file opened: 4.3.21r97927 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
2	1558.1090: \SystemRoot\System32\ntdll.dll:
3	1558.1090: CreationTime: 2013-10-11T00:27:08.898984800Z
4	1558.1090: LastWriteTime: 2013-08-29T02:16:35.515578900Z
5	1558.1090: ChangeTime: 2014-12-15T16:32:10.938403200Z
6	1558.1090: FileAttributes: 0x20
7	1558.1090: Size: 0x1a6dc0
8	1558.1090: NT Headers: 0xe0
9	1558.1090: Timestamp: 0x521eaf24
10	1558.1090: Machine: 0x8664 - amd64
11	1558.1090: Timestamp: 0x521eaf24
12	1558.1090: Image Version: 6.1
13	1558.1090: SizeOfImage: 0x1a9000 (1740800)
14	1558.1090: Resource Dir: 0x151000 LB 0x560d8
15	1558.1090: ProductName: Microsoft® Windows® Operating System
16	1558.1090: ProductVersion: 6.1.7601.18247
17	1558.1090: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
18	1558.1090: FileDescription: NT Layer DLL
19	1558.1090: \SystemRoot\System32\kernel32.dll:
20	1558.1090: CreationTime: 2014-04-08T17:52:11.563330500Z
21	1558.1090: LastWriteTime: 2014-03-04T09:44:00.336000000Z
22	1558.1090: ChangeTime: 2014-12-15T16:32:06.941796100Z
23	1558.1090: FileAttributes: 0x20
24	1558.1090: Size: 0x11c000
25	1558.1090: NT Headers: 0xe8
26	1558.1090: Timestamp: 0x5315a059
27	1558.1090: Machine: 0x8664 - amd64
28	1558.1090: Timestamp: 0x5315a059
29	1558.1090: Image Version: 6.1
30	1558.1090: SizeOfImage: 0x11f000 (1175552)
31	1558.1090: Resource Dir: 0x116000 LB 0x528
32	1558.1090: ProductName: Microsoft® Windows® Operating System
33	1558.1090: ProductVersion: 6.1.7601.18409
34	1558.1090: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
35	1558.1090: FileDescription: Windows NT BASE API Client DLL
36	1558.1090: \SystemRoot\System32\KernelBase.dll:
37	1558.1090: CreationTime: 2014-05-14T14:19:49.655911900Z
38	1558.1090: LastWriteTime: 2014-03-04T09:44:00.336000000Z
39	1558.1090: ChangeTime: 2014-12-15T16:32:06.972996100Z
40	1558.1090: FileAttributes: 0x20
41	1558.1090: Size: 0x67c00
42	1558.1090: NT Headers: 0xe8
43	1558.1090: Timestamp: 0x5315a05a
44	1558.1090: Machine: 0x8664 - amd64
45	1558.1090: Timestamp: 0x5315a05a
46	1558.1090: Image Version: 6.1
47	1558.1090: SizeOfImage: 0x6c000 (442368)
48	1558.1090: Resource Dir: 0x6a000 LB 0x530
49	1558.1090: ProductName: Microsoft® Windows® Operating System
50	1558.1090: ProductVersion: 6.1.7601.18409
51	1558.1090: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
52	1558.1090: FileDescription: Windows NT BASE API Client DLL
53	1558.1090: \SystemRoot\System32\apisetschema.dll:
54	1558.1090: CreationTime: 2013-09-13T00:27:27.125703100Z
55	1558.1090: LastWriteTime: 2013-08-02T02:12:20.275000000Z
56	1558.1090: ChangeTime: 2014-12-15T16:32:16.182012500Z
57	1558.1090: FileAttributes: 0x20
58	1558.1090: Size: 0x1a00
59	1558.1090: NT Headers: 0xc0
60	1558.1090: Timestamp: 0x51fb15ca
61	1558.1090: Machine: 0x8664 - amd64
62	1558.1090: Timestamp: 0x51fb15ca
63	1558.1090: Image Version: 6.1
64	1558.1090: SizeOfImage: 0x50000 (327680)
65	1558.1090: Resource Dir: 0x30000 LB 0x3f8
66	1558.1090: ProductName: Microsoft® Windows® Operating System
67	1558.1090: ProductVersion: 6.1.7601.18229
68	1558.1090: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
69	1558.1090: FileDescription: ApiSet Schema DLL
70	1558.1090: Found driver NisDrv (0x400)
71	1558.1090: supR3HardenedWinFindAdversaries: 0x480
72	1558.1090: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
73	1558.1090: CreationTime: 2014-08-29T14:06:38.460628200Z
74	1558.1090: LastWriteTime: 2015-01-13T22:19:10.600779300Z
75	1558.1090: ChangeTime: 2015-01-13T22:19:10.600779300Z
76	1558.1090: FileAttributes: 0x20
77	1558.1090: Size: 0x1fad8
78	1558.1090: NT Headers: 0xd8
79	1558.1090: Timestamp: 0x541caaaf
80	1558.1090: Machine: 0x8664 - amd64
81	1558.1090: Timestamp: 0x541caaaf
82	1558.1090: Image Version: 6.1
83	1558.1090: SizeOfImage: 0x23000 (143360)
84	1558.1090: Resource Dir: 0x22000 LB 0x3f0
85	1558.1090: ProductName: Malwarebytes Anti-Malware
86	1558.1090: ProductVersion: 0.2.13.0
87	1558.1090: FileVersion: 0.2.13.0
88	1558.1090: FileDescription: Malwarebytes Anti-Malware
89	1558.1090: \SystemRoot\System32\drivers\mwac.sys:
90	1558.1090: CreationTime: 2014-08-29T14:06:17.837392200Z
91	1558.1090: LastWriteTime: 2014-11-21T12:14:22.000000000Z
92	1558.1090: ChangeTime: 2014-12-05T05:38:29.313527300Z
93	1558.1090: FileAttributes: 0x20
94	1558.1090: Size: 0xf8d8
95	1558.1090: NT Headers: 0xf8
96	1558.1090: Timestamp: 0x53a0f42a
97	1558.1090: Machine: 0x8664 - amd64
98	1558.1090: Timestamp: 0x53a0f42a
99	1558.1090: Image Version: 6.2
100	1558.1090: SizeOfImage: 0x12000 (73728)
101	1558.1090: Resource Dir: 0x10000 LB 0x3e0
102	1558.1090: ProductName: Malwarebytes Web Access Control
103	1558.1090: ProductVersion: 1.0.6.0
104	1558.1090: FileVersion: 1.0.6.0
105	1558.1090: FileDescription: Malwarebytes Web Access Control
106	1558.1090: \SystemRoot\System32\drivers\mbamchameleon.sys:
107	1558.1090: CreationTime: 2014-08-29T14:06:17.868592300Z
108	1558.1090: LastWriteTime: 2014-11-21T12:14:12.000000000Z
109	1558.1090: ChangeTime: 2014-12-05T05:38:29.516327600Z
110	1558.1090: FileAttributes: 0x20
111	1558.1090: Size: 0x16cd8
112	1558.1090: NT Headers: 0xe0
113	1558.1090: Timestamp: 0x53f2136a
114	1558.1090: Machine: 0x8664 - amd64
115	1558.1090: Timestamp: 0x53f2136a
116	1558.1090: Image Version: 6.1
117	1558.1090: SizeOfImage: 0x1a000 (106496)
118	1558.1090: Resource Dir: 0x18000 LB 0xbd0
119	1558.1090: ProductName: Malwarebytes Chameleon
120	1558.1090: ProductVersion: 1.1.4.0
121	1558.1090: FileVersion: 1.1.4.0
122	1558.1090: FileDescription: Malwarebytes Chameleon Protection Driver
123	1558.1090: \SystemRoot\System32\drivers\mbam.sys:
124	1558.1090: CreationTime: 2014-08-29T14:06:17.821792200Z
125	1558.1090: LastWriteTime: 2014-11-21T12:14:08.000000000Z
126	1558.1090: ChangeTime: 2014-12-05T05:38:29.297927200Z
127	1558.1090: FileAttributes: 0x20
128	1558.1090: Size: 0x64d8
129	1558.1090: NT Headers: 0xd8
130	1558.1090: Timestamp: 0x540754e1
131	1558.1090: Machine: 0x8664 - amd64
132	1558.1090: Timestamp: 0x540754e1
133	1558.1090: Image Version: 6.1
134	1558.1090: SizeOfImage: 0xa000 (40960)
135	1558.1090: Resource Dir: 0x8000 LB 0x3d0
136	1558.1090: ProductName: Malwarebytes Anti-Malware
137	1558.1090: ProductVersion: 0.1.15.0
138	1558.1090: FileVersion: 0.1.15.0
139	1558.1090: FileDescription: Malwarebytes Anti-Malware
140	1558.1090: \SystemRoot\System32\drivers\MpFilter.sys:
141	1558.1090: CreationTime: 2014-07-17T23:05:06.000000000Z
142	1558.1090: LastWriteTime: 2014-07-17T23:05:06.000000000Z
143	1558.1090: ChangeTime: 2014-09-09T23:22:15.541298400Z
144	1558.1090: FileAttributes: 0x20
145	1558.1090: Size: 0x41ad0
146	1558.1090: NT Headers: 0xf0
147	1558.1090: Timestamp: 0x53bdfdba
148	1558.1090: Machine: 0x8664 - amd64
149	1558.1090: Timestamp: 0x53bdfdba
150	1558.1090: Image Version: 6.3
151	1558.1090: SizeOfImage: 0x42000 (270336)
152	1558.1090: Resource Dir: 0x40000 LB 0xd50
153	1558.1090: ProductName: Microsoft Malware Protection
154	1558.1090: ProductVersion: 4.6.0300.0
155	1558.1090: FileVersion: 4.6.0300.0
156	1558.1090: FileDescription: Microsoft antimalware file system filter driver
157	1558.1090: \SystemRoot\System32\drivers\NisDrvWFP.sys:
158	1558.1090: CreationTime: 2014-03-11T14:52:30.000000000Z
159	1558.1090: LastWriteTime: 2014-07-17T23:05:06.000000000Z
160	1558.1090: ChangeTime: 2014-09-09T23:22:14.801256100Z
161	1558.1090: FileAttributes: 0x20
162	1558.1090: Size: 0x1ea90
163	1558.1090: NT Headers: 0xe0
164	1558.1090: Timestamp: 0x53bdfde3
165	1558.1090: Machine: 0x8664 - amd64
166	1558.1090: Timestamp: 0x53bdfde3
167	1558.1090: Image Version: 6.3
168	1558.1090: SizeOfImage: 0x1f000 (126976)
169	1558.1090: Resource Dir: 0x1c000 LB 0x1b90
170	1558.1090: ProductName: Microsoft Malware Protection
171	1558.1090: ProductVersion: 4.6.0300.0
172	1558.1090: FileVersion: 4.6.0300.0
173	1558.1090: FileDescription: Microsoft Network Realtime Inspection Driver
174	1558.1090: Calling main()
175	1558.1090: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
176	1558.1090: SUPR3HardenedMain: Respawn #1
177	1558.1090: System32: \Device\HarddiskVolume2\Windows\System32
178	1558.1090: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
179	1558.1090: KnownDllPath: C:\Windows\system32
180	1558.1090: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
181	1558.1090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
182	1558.1090: supR3HardNtEnableThreadCreation:
183	1558.1090: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000771bc340 pvNtTerminateThread=00000000771e17e0
184	1558.1090: supR3HardenedWinDoReSpawn(1): New child 1d08.99c [kernel32].
185	1558.1090: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd5000 cbPeb=0x380
186	1558.1090: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077190000 uNtDllChildAddr=0000000077190000
187	1558.1090: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000771bc340
188	1558.1090: supR3HardenedWinSetupChildInit: Start child.
189	1558.1090: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
190	1558.1090: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
191	1558.1090: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
192	1558.1090: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
193	1558.1090: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
194	1558.1090: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
195	1558.1090: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
196	1558.1090: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
197	1558.1090: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
198	1558.1090: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
199	1558.1090: 0000000000051000-fffffffffffa1fff 0x0001/0x0000 0x0000000
200	1558.1090: *0000000000100000-0000000000003fff 0x0000/0x0004 0x0020000
201	1558.1090: 00000000001fc000-00000000001f8fff 0x0104/0x0004 0x0020000
202	1558.1090: 00000000001ff000-00000000001fdfff 0x0004/0x0004 0x0020000
203	1558.1090: 0000000000200000-ffffffff8926ffff 0x0001/0x0000 0x0000000
204	1558.1090: *0000000077190000-000000007718efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
205	1558.1090: 0000000077191000-000000007708efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
206	1558.1090: 0000000077293000-0000000077263fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
207	1558.1090: 00000000772c2000-00000000772b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
208	1558.1090: 00000000772ca000-00000000772c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
209	1558.1090: 00000000772cb000-00000000772c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
210	1558.1090: 00000000772ce000-0000000077262fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
211	1558.1090: 0000000077339000-000000006f691fff 0x0001/0x0000 0x0000000
212	1558.1090: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
213	1558.1090: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
214	1558.1090: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
215	1558.1090: 000000007fff0000-ffffffffc09cffff 0x0001/0x0000 0x0000000
216	1558.1090: *000000013f610000-000000013f60efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
217	1558.1090: 000000013f611000-000000013f58cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
218	1558.1090: 000000013f695000-000000013f693fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
219	1558.1090: 000000013f696000-000000013f658fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
220	1558.1090: 000000013f6d3000-000000013f6d1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221	1558.1090: 000000013f6d4000-000000013f6d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
222	1558.1090: 000000013f6d5000-000000013f6d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
223	1558.1090: 000000013f6d7000-000000013f6d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
224	1558.1090: 000000013f6d8000-000000013f6d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
225	1558.1090: 000000013f6d9000-000000013f6d4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
226	1558.1090: 000000013f6dd000-000000013f6a3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
227	1558.1090: 000000013f716000-fffff8037f97bfff 0x0001/0x0000 0x0000000
228	1558.1090: *000007feff4b0000-000007feff4aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
229	1558.1090: 000007feff4b1000-000007fdfe9b1fff 0x0001/0x0000 0x0000000
230	1558.1090: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
231	1558.1090: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
232	1558.1090: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
233	1558.1090: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
234	1558.1090: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
235	1558.1090: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
236	1558.1090: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
237	1558.1090: VirtualBox.exe: timestamp 0x54c8fe13 (rc=VINF_SUCCESS)
238	1558.1090: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
239	1558.1090: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
240	1558.1090: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
241	1558.1090: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
242	1558.1090: supR3HardNtEnableThreadCreation:
243	1d08.99c: Log file opened: 4.3.21r97927 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
244	1d08.99c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077190000
245	1d08.99c: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
246	1d08.99c: New simple heap: #1 0000000000300000 LB 0x400000 (for 1740800 allocation)
247	1d08.99c: System32: \Device\HarddiskVolume2\Windows\System32
248	1d08.99c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
249	1d08.99c: KnownDllPath: C:\Windows\system32
250	1d08.99c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
251	1d08.99c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
252	1d08.99c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
253	1d08.99c: Registered Dll notification callback with NTDLL.
254	1d08.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
255	1d08.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
256	1d08.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
257	1d08.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
258	1d08.99c: supR3HardenedDllNotificationCallback: load 0000000077070000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
259	1d08.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
260	1d08.99c: supR3HardenedDllNotificationCallback: load 000007fefd2a0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
261	1d08.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
262	1d08.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
263	1d08.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077070000 'C:\Windows\system32\kernel32.dll'
264	1d08.99c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000771bc340 pvNtTerminateThread=00000000771e17e0
265	1558.1090: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
266	1d08.99c: \SystemRoot\System32\ntdll.dll:
267	1d08.99c: CreationTime: 2013-10-11T00:27:08.898984800Z
268	1d08.99c: LastWriteTime: 2013-08-29T02:16:35.515578900Z
269	1d08.99c: ChangeTime: 2014-12-15T16:32:10.938403200Z
270	1d08.99c: FileAttributes: 0x20
271	1d08.99c: Size: 0x1a6dc0
272	1d08.99c: NT Headers: 0xe0
273	1d08.99c: Timestamp: 0x521eaf24
274	1d08.99c: Machine: 0x8664 - amd64
275	1d08.99c: Timestamp: 0x521eaf24
276	1d08.99c: Image Version: 6.1
277	1d08.99c: SizeOfImage: 0x1a9000 (1740800)
278	1d08.99c: Resource Dir: 0x151000 LB 0x560d8
279	1d08.99c: ProductName: Microsoft® Windows® Operating System
280	1d08.99c: ProductVersion: 6.1.7601.18247
281	1d08.99c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
282	1d08.99c: FileDescription: NT Layer DLL
283	1d08.99c: \SystemRoot\System32\kernel32.dll:
284	1d08.99c: CreationTime: 2014-04-08T17:52:11.563330500Z
285	1d08.99c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
286	1d08.99c: ChangeTime: 2014-12-15T16:32:06.941796100Z
287	1d08.99c: FileAttributes: 0x20
288	1d08.99c: Size: 0x11c000
289	1d08.99c: NT Headers: 0xe8
290	1d08.99c: Timestamp: 0x5315a059
291	1d08.99c: Machine: 0x8664 - amd64
292	1d08.99c: Timestamp: 0x5315a059
293	1d08.99c: Image Version: 6.1
294	1d08.99c: SizeOfImage: 0x11f000 (1175552)
295	1d08.99c: Resource Dir: 0x116000 LB 0x528
296	1d08.99c: ProductName: Microsoft® Windows® Operating System
297	1d08.99c: ProductVersion: 6.1.7601.18409
298	1d08.99c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
299	1d08.99c: FileDescription: Windows NT BASE API Client DLL
300	1d08.99c: \SystemRoot\System32\KernelBase.dll:
301	1d08.99c: CreationTime: 2014-05-14T14:19:49.655911900Z
302	1d08.99c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
303	1d08.99c: ChangeTime: 2014-12-15T16:32:06.972996100Z
304	1d08.99c: FileAttributes: 0x20
305	1d08.99c: Size: 0x67c00
306	1d08.99c: NT Headers: 0xe8
307	1d08.99c: Timestamp: 0x5315a05a
308	1d08.99c: Machine: 0x8664 - amd64
309	1d08.99c: Timestamp: 0x5315a05a
310	1d08.99c: Image Version: 6.1
311	1d08.99c: SizeOfImage: 0x6c000 (442368)
312	1d08.99c: Resource Dir: 0x6a000 LB 0x530
313	1d08.99c: ProductName: Microsoft® Windows® Operating System
314	1d08.99c: ProductVersion: 6.1.7601.18409
315	1d08.99c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
316	1d08.99c: FileDescription: Windows NT BASE API Client DLL
317	1d08.99c: \SystemRoot\System32\apisetschema.dll:
318	1d08.99c: CreationTime: 2013-09-13T00:27:27.125703100Z
319	1d08.99c: LastWriteTime: 2013-08-02T02:12:20.275000000Z
320	1d08.99c: ChangeTime: 2014-12-15T16:32:16.182012500Z
321	1d08.99c: FileAttributes: 0x20
322	1d08.99c: Size: 0x1a00
323	1d08.99c: NT Headers: 0xc0
324	1d08.99c: Timestamp: 0x51fb15ca
325	1d08.99c: Machine: 0x8664 - amd64
326	1d08.99c: Timestamp: 0x51fb15ca
327	1d08.99c: Image Version: 6.1
328	1d08.99c: SizeOfImage: 0x50000 (327680)
329	1d08.99c: Resource Dir: 0x30000 LB 0x3f8
330	1d08.99c: ProductName: Microsoft® Windows® Operating System
331	1d08.99c: ProductVersion: 6.1.7601.18229
332	1d08.99c: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
333	1d08.99c: FileDescription: ApiSet Schema DLL
334	1d08.99c: Found driver NisDrv (0x400)
335	1d08.99c: supR3HardenedWinFindAdversaries: 0x480
336	1d08.99c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
337	1d08.99c: CreationTime: 2014-08-29T14:06:38.460628200Z
338	1d08.99c: LastWriteTime: 2015-01-13T22:19:10.600779300Z
339	1d08.99c: ChangeTime: 2015-01-13T22:19:10.600779300Z
340	1d08.99c: FileAttributes: 0x20
341	1d08.99c: Size: 0x1fad8
342	1d08.99c: NT Headers: 0xd8
343	1d08.99c: Timestamp: 0x541caaaf
344	1d08.99c: Machine: 0x8664 - amd64
345	1d08.99c: Timestamp: 0x541caaaf
346	1d08.99c: Image Version: 6.1
347	1d08.99c: SizeOfImage: 0x23000 (143360)
348	1d08.99c: Resource Dir: 0x22000 LB 0x3f0
349	1d08.99c: ProductName: Malwarebytes Anti-Malware
350	1d08.99c: ProductVersion: 0.2.13.0
351	1d08.99c: FileVersion: 0.2.13.0
352	1d08.99c: FileDescription: Malwarebytes Anti-Malware
353	1d08.99c: \SystemRoot\System32\drivers\mwac.sys:
354	1d08.99c: CreationTime: 2014-08-29T14:06:17.837392200Z
355	1d08.99c: LastWriteTime: 2014-11-21T12:14:22.000000000Z
356	1d08.99c: ChangeTime: 2014-12-05T05:38:29.313527300Z
357	1d08.99c: FileAttributes: 0x20
358	1d08.99c: Size: 0xf8d8
359	1d08.99c: NT Headers: 0xf8
360	1d08.99c: Timestamp: 0x53a0f42a
361	1d08.99c: Machine: 0x8664 - amd64
362	1d08.99c: Timestamp: 0x53a0f42a
363	1d08.99c: Image Version: 6.2
364	1d08.99c: SizeOfImage: 0x12000 (73728)
365	1d08.99c: Resource Dir: 0x10000 LB 0x3e0
366	1d08.99c: ProductName: Malwarebytes Web Access Control
367	1d08.99c: ProductVersion: 1.0.6.0
368	1d08.99c: FileVersion: 1.0.6.0
369	1d08.99c: FileDescription: Malwarebytes Web Access Control
370	1d08.99c: \SystemRoot\System32\drivers\mbamchameleon.sys:
371	1d08.99c: CreationTime: 2014-08-29T14:06:17.868592300Z
372	1d08.99c: LastWriteTime: 2014-11-21T12:14:12.000000000Z
373	1d08.99c: ChangeTime: 2014-12-05T05:38:29.516327600Z
374	1d08.99c: FileAttributes: 0x20
375	1d08.99c: Size: 0x16cd8
376	1d08.99c: NT Headers: 0xe0
377	1d08.99c: Timestamp: 0x53f2136a
378	1d08.99c: Machine: 0x8664 - amd64
379	1d08.99c: Timestamp: 0x53f2136a
380	1d08.99c: Image Version: 6.1
381	1d08.99c: SizeOfImage: 0x1a000 (106496)
382	1d08.99c: Resource Dir: 0x18000 LB 0xbd0
383	1d08.99c: ProductName: Malwarebytes Chameleon
384	1d08.99c: ProductVersion: 1.1.4.0
385	1d08.99c: FileVersion: 1.1.4.0
386	1d08.99c: FileDescription: Malwarebytes Chameleon Protection Driver
387	1d08.99c: \SystemRoot\System32\drivers\mbam.sys:
388	1d08.99c: CreationTime: 2014-08-29T14:06:17.821792200Z
389	1d08.99c: LastWriteTime: 2014-11-21T12:14:08.000000000Z
390	1d08.99c: ChangeTime: 2014-12-05T05:38:29.297927200Z
391	1d08.99c: FileAttributes: 0x20
392	1d08.99c: Size: 0x64d8
393	1d08.99c: NT Headers: 0xd8
394	1d08.99c: Timestamp: 0x540754e1
395	1d08.99c: Machine: 0x8664 - amd64
396	1d08.99c: Timestamp: 0x540754e1
397	1d08.99c: Image Version: 6.1
398	1d08.99c: SizeOfImage: 0xa000 (40960)
399	1d08.99c: Resource Dir: 0x8000 LB 0x3d0
400	1d08.99c: ProductName: Malwarebytes Anti-Malware
401	1d08.99c: ProductVersion: 0.1.15.0
402	1d08.99c: FileVersion: 0.1.15.0
403	1d08.99c: FileDescription: Malwarebytes Anti-Malware
404	1d08.99c: \SystemRoot\System32\drivers\MpFilter.sys:
405	1d08.99c: CreationTime: 2014-07-17T23:05:06.000000000Z
406	1d08.99c: LastWriteTime: 2014-07-17T23:05:06.000000000Z
407	1d08.99c: ChangeTime: 2014-09-09T23:22:15.541298400Z
408	1d08.99c: FileAttributes: 0x20
409	1d08.99c: Size: 0x41ad0
410	1d08.99c: NT Headers: 0xf0
411	1d08.99c: Timestamp: 0x53bdfdba
412	1d08.99c: Machine: 0x8664 - amd64
413	1d08.99c: Timestamp: 0x53bdfdba
414	1d08.99c: Image Version: 6.3
415	1d08.99c: SizeOfImage: 0x42000 (270336)
416	1d08.99c: Resource Dir: 0x40000 LB 0xd50
417	1d08.99c: ProductName: Microsoft Malware Protection
418	1d08.99c: ProductVersion: 4.6.0300.0
419	1d08.99c: FileVersion: 4.6.0300.0
420	1d08.99c: FileDescription: Microsoft antimalware file system filter driver
421	1d08.99c: \SystemRoot\System32\drivers\NisDrvWFP.sys:
422	1d08.99c: CreationTime: 2014-03-11T14:52:30.000000000Z
423	1d08.99c: LastWriteTime: 2014-07-17T23:05:06.000000000Z
424	1d08.99c: ChangeTime: 2014-09-09T23:22:14.801256100Z
425	1d08.99c: FileAttributes: 0x20
426	1d08.99c: Size: 0x1ea90
427	1d08.99c: NT Headers: 0xe0
428	1d08.99c: Timestamp: 0x53bdfde3
429	1d08.99c: Machine: 0x8664 - amd64
430	1d08.99c: Timestamp: 0x53bdfde3
431	1d08.99c: Image Version: 6.3
432	1d08.99c: SizeOfImage: 0x1f000 (126976)
433	1d08.99c: Resource Dir: 0x1c000 LB 0x1b90
434	1d08.99c: ProductName: Microsoft Malware Protection
435	1d08.99c: ProductVersion: 4.6.0300.0
436	1d08.99c: FileVersion: 4.6.0300.0
437	1d08.99c: FileDescription: Microsoft Network Realtime Inspection Driver
438	1d08.99c: Calling main()
439	1d08.99c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
440	1d08.99c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
441	1d08.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
442	1d08.99c: SUPR3HardenedMain: Respawn #2
443	1d08.99c: supR3HardNtEnableThreadCreation:
444	1d08.99c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
445	1d08.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
446	1d08.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
447	1d08.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
448	1d08.99c: supR3HardenedDllNotificationCallback: load 000007fefcd50000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
449	1d08.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
450	1d08.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd50000 'C:\Windows\system32\apphelp.dll'
451	1d08.99c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000771bc340 pvNtTerminateThread=00000000771e17e0
452	1d08.99c: supR3HardenedWinDoReSpawn(2): New child 28fc.18f8 [kernel32].
453	1d08.99c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
454	1d08.99c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077190000 uNtDllChildAddr=0000000077190000
455	1d08.99c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000771bc340
456	1d08.99c: supR3HardenedWinSetupChildInit: Start child.
457	1d08.99c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
458	1d08.99c: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
459	1d08.99c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
460	1d08.99c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
461	1d08.99c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
462	1d08.99c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
463	1d08.99c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
464	1d08.99c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
465	1d08.99c: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
466	1d08.99c: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
467	1d08.99c: 0000000000051000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
468	1d08.99c: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
469	1d08.99c: 00000000002ec000-00000000002e8fff 0x0104/0x0004 0x0020000
470	1d08.99c: 00000000002ef000-00000000002edfff 0x0004/0x0004 0x0020000
471	1d08.99c: 00000000002f0000-ffffffff8944ffff 0x0001/0x0000 0x0000000
472	1d08.99c: *0000000077190000-000000007718efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
473	1d08.99c: 0000000077191000-000000007708efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
474	1d08.99c: 0000000077293000-0000000077263fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
475	1d08.99c: 00000000772c2000-00000000772b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
476	1d08.99c: 00000000772ca000-00000000772c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
477	1d08.99c: 00000000772cb000-00000000772c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
478	1d08.99c: 00000000772ce000-0000000077262fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
479	1d08.99c: 0000000077339000-000000006f691fff 0x0001/0x0000 0x0000000
480	1d08.99c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
481	1d08.99c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
482	1d08.99c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
483	1d08.99c: 000000007fff0000-ffffffffc09cffff 0x0001/0x0000 0x0000000
484	1d08.99c: *000000013f610000-000000013f60efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
485	1d08.99c: 000000013f611000-000000013f58cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
486	1d08.99c: 000000013f695000-000000013f693fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
487	1d08.99c: 000000013f696000-000000013f658fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
488	1d08.99c: 000000013f6d3000-000000013f6d1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
489	1d08.99c: 000000013f6d4000-000000013f6d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
490	1d08.99c: 000000013f6d5000-000000013f6d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
491	1d08.99c: 000000013f6d7000-000000013f6d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
492	1d08.99c: 000000013f6d8000-000000013f6d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
493	1d08.99c: 000000013f6d9000-000000013f6d4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
494	1d08.99c: 000000013f6dd000-000000013f6a3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
495	1d08.99c: 000000013f716000-fffff8037f97bfff 0x0001/0x0000 0x0000000
496	1d08.99c: *000007feff4b0000-000007feff4aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
497	1d08.99c: 000007feff4b1000-000007fdfe9b1fff 0x0001/0x0000 0x0000000
498	1d08.99c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
499	1d08.99c: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000
500	1d08.99c: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000
501	1d08.99c: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000
502	1d08.99c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
503	1d08.99c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
504	1d08.99c: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
505	1d08.99c: VirtualBox.exe: timestamp 0x54c8fe13 (rc=VINF_SUCCESS)
506	1d08.99c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
507	1d08.99c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
508	1d08.99c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
509	1d08.99c: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
510	1d08.99c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
511	1d08.99c: supR3HardNtEnableThreadCreation:
512	28fc.18f8: Log file opened: 4.3.21r97927 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
513	28fc.18f8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077190000
514	28fc.18f8: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
515	28fc.18f8: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
516	28fc.18f8: System32: \Device\HarddiskVolume2\Windows\System32
517	28fc.18f8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
518	28fc.18f8: KnownDllPath: C:\Windows\system32
519	28fc.18f8: supR3HardenedVmProcessInit: Opening vboxdrv...
520	28fc.18f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
521	28fc.18f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
522	28fc.18f8: Registered Dll notification callback with NTDLL.
523	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
524	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
525	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
526	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
527	28fc.18f8: supR3HardenedDllNotificationCallback: load 0000000077070000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
528	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
529	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd2a0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
530	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
531	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
532	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077070000 'C:\Windows\system32\kernel32.dll'
533	28fc.18f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000771bc340 pvNtTerminateThread=00000000771e17e0
534	1d08.99c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
535	28fc.18f8: \SystemRoot\System32\ntdll.dll:
536	28fc.18f8: CreationTime: 2013-10-11T00:27:08.898984800Z
537	28fc.18f8: LastWriteTime: 2013-08-29T02:16:35.515578900Z
538	28fc.18f8: ChangeTime: 2014-12-15T16:32:10.938403200Z
539	28fc.18f8: FileAttributes: 0x20
540	28fc.18f8: Size: 0x1a6dc0
541	28fc.18f8: NT Headers: 0xe0
542	28fc.18f8: Timestamp: 0x521eaf24
543	28fc.18f8: Machine: 0x8664 - amd64
544	28fc.18f8: Timestamp: 0x521eaf24
545	28fc.18f8: Image Version: 6.1
546	28fc.18f8: SizeOfImage: 0x1a9000 (1740800)
547	28fc.18f8: Resource Dir: 0x151000 LB 0x560d8
548	28fc.18f8: ProductName: Microsoft® Windows® Operating System
549	28fc.18f8: ProductVersion: 6.1.7601.18247
550	28fc.18f8: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
551	28fc.18f8: FileDescription: NT Layer DLL
552	28fc.18f8: \SystemRoot\System32\kernel32.dll:
553	28fc.18f8: CreationTime: 2014-04-08T17:52:11.563330500Z
554	28fc.18f8: LastWriteTime: 2014-03-04T09:44:00.336000000Z
555	28fc.18f8: ChangeTime: 2014-12-15T16:32:06.941796100Z
556	28fc.18f8: FileAttributes: 0x20
557	28fc.18f8: Size: 0x11c000
558	28fc.18f8: NT Headers: 0xe8
559	28fc.18f8: Timestamp: 0x5315a059
560	28fc.18f8: Machine: 0x8664 - amd64
561	28fc.18f8: Timestamp: 0x5315a059
562	28fc.18f8: Image Version: 6.1
563	28fc.18f8: SizeOfImage: 0x11f000 (1175552)
564	28fc.18f8: Resource Dir: 0x116000 LB 0x528
565	28fc.18f8: ProductName: Microsoft® Windows® Operating System
566	28fc.18f8: ProductVersion: 6.1.7601.18409
567	28fc.18f8: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
568	28fc.18f8: FileDescription: Windows NT BASE API Client DLL
569	28fc.18f8: \SystemRoot\System32\KernelBase.dll:
570	28fc.18f8: CreationTime: 2014-05-14T14:19:49.655911900Z
571	28fc.18f8: LastWriteTime: 2014-03-04T09:44:00.336000000Z
572	28fc.18f8: ChangeTime: 2014-12-15T16:32:06.972996100Z
573	28fc.18f8: FileAttributes: 0x20
574	28fc.18f8: Size: 0x67c00
575	28fc.18f8: NT Headers: 0xe8
576	28fc.18f8: Timestamp: 0x5315a05a
577	28fc.18f8: Machine: 0x8664 - amd64
578	28fc.18f8: Timestamp: 0x5315a05a
579	28fc.18f8: Image Version: 6.1
580	28fc.18f8: SizeOfImage: 0x6c000 (442368)
581	28fc.18f8: Resource Dir: 0x6a000 LB 0x530
582	28fc.18f8: ProductName: Microsoft® Windows® Operating System
583	28fc.18f8: ProductVersion: 6.1.7601.18409
584	28fc.18f8: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
585	28fc.18f8: FileDescription: Windows NT BASE API Client DLL
586	28fc.18f8: \SystemRoot\System32\apisetschema.dll:
587	28fc.18f8: CreationTime: 2013-09-13T00:27:27.125703100Z
588	28fc.18f8: LastWriteTime: 2013-08-02T02:12:20.275000000Z
589	28fc.18f8: ChangeTime: 2014-12-15T16:32:16.182012500Z
590	28fc.18f8: FileAttributes: 0x20
591	28fc.18f8: Size: 0x1a00
592	28fc.18f8: NT Headers: 0xc0
593	28fc.18f8: Timestamp: 0x51fb15ca
594	28fc.18f8: Machine: 0x8664 - amd64
595	28fc.18f8: Timestamp: 0x51fb15ca
596	28fc.18f8: Image Version: 6.1
597	28fc.18f8: SizeOfImage: 0x50000 (327680)
598	28fc.18f8: Resource Dir: 0x30000 LB 0x3f8
599	28fc.18f8: ProductName: Microsoft® Windows® Operating System
600	28fc.18f8: ProductVersion: 6.1.7601.18229
601	28fc.18f8: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
602	28fc.18f8: FileDescription: ApiSet Schema DLL
603	28fc.18f8: Found driver NisDrv (0x400)
604	28fc.18f8: supR3HardenedWinFindAdversaries: 0x480
605	28fc.18f8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
606	28fc.18f8: CreationTime: 2014-08-29T14:06:38.460628200Z
607	28fc.18f8: LastWriteTime: 2015-01-13T22:19:10.600779300Z
608	28fc.18f8: ChangeTime: 2015-01-13T22:19:10.600779300Z
609	28fc.18f8: FileAttributes: 0x20
610	28fc.18f8: Size: 0x1fad8
611	28fc.18f8: NT Headers: 0xd8
612	28fc.18f8: Timestamp: 0x541caaaf
613	28fc.18f8: Machine: 0x8664 - amd64
614	28fc.18f8: Timestamp: 0x541caaaf
615	28fc.18f8: Image Version: 6.1
616	28fc.18f8: SizeOfImage: 0x23000 (143360)
617	28fc.18f8: Resource Dir: 0x22000 LB 0x3f0
618	28fc.18f8: ProductName: Malwarebytes Anti-Malware
619	28fc.18f8: ProductVersion: 0.2.13.0
620	28fc.18f8: FileVersion: 0.2.13.0
621	28fc.18f8: FileDescription: Malwarebytes Anti-Malware
622	28fc.18f8: \SystemRoot\System32\drivers\mwac.sys:
623	28fc.18f8: CreationTime: 2014-08-29T14:06:17.837392200Z
624	28fc.18f8: LastWriteTime: 2014-11-21T12:14:22.000000000Z
625	28fc.18f8: ChangeTime: 2014-12-05T05:38:29.313527300Z
626	28fc.18f8: FileAttributes: 0x20
627	28fc.18f8: Size: 0xf8d8
628	28fc.18f8: NT Headers: 0xf8
629	28fc.18f8: Timestamp: 0x53a0f42a
630	28fc.18f8: Machine: 0x8664 - amd64
631	28fc.18f8: Timestamp: 0x53a0f42a
632	28fc.18f8: Image Version: 6.2
633	28fc.18f8: SizeOfImage: 0x12000 (73728)
634	28fc.18f8: Resource Dir: 0x10000 LB 0x3e0
635	28fc.18f8: ProductName: Malwarebytes Web Access Control
636	28fc.18f8: ProductVersion: 1.0.6.0
637	28fc.18f8: FileVersion: 1.0.6.0
638	28fc.18f8: FileDescription: Malwarebytes Web Access Control
639	28fc.18f8: \SystemRoot\System32\drivers\mbamchameleon.sys:
640	28fc.18f8: CreationTime: 2014-08-29T14:06:17.868592300Z
641	28fc.18f8: LastWriteTime: 2014-11-21T12:14:12.000000000Z
642	28fc.18f8: ChangeTime: 2014-12-05T05:38:29.516327600Z
643	28fc.18f8: FileAttributes: 0x20
644	28fc.18f8: Size: 0x16cd8
645	28fc.18f8: NT Headers: 0xe0
646	28fc.18f8: Timestamp: 0x53f2136a
647	28fc.18f8: Machine: 0x8664 - amd64
648	28fc.18f8: Timestamp: 0x53f2136a
649	28fc.18f8: Image Version: 6.1
650	28fc.18f8: SizeOfImage: 0x1a000 (106496)
651	28fc.18f8: Resource Dir: 0x18000 LB 0xbd0
652	28fc.18f8: ProductName: Malwarebytes Chameleon
653	28fc.18f8: ProductVersion: 1.1.4.0
654	28fc.18f8: FileVersion: 1.1.4.0
655	28fc.18f8: FileDescription: Malwarebytes Chameleon Protection Driver
656	28fc.18f8: \SystemRoot\System32\drivers\mbam.sys:
657	28fc.18f8: CreationTime: 2014-08-29T14:06:17.821792200Z
658	28fc.18f8: LastWriteTime: 2014-11-21T12:14:08.000000000Z
659	28fc.18f8: ChangeTime: 2014-12-05T05:38:29.297927200Z
660	28fc.18f8: FileAttributes: 0x20
661	28fc.18f8: Size: 0x64d8
662	28fc.18f8: NT Headers: 0xd8
663	28fc.18f8: Timestamp: 0x540754e1
664	28fc.18f8: Machine: 0x8664 - amd64
665	28fc.18f8: Timestamp: 0x540754e1
666	28fc.18f8: Image Version: 6.1
667	28fc.18f8: SizeOfImage: 0xa000 (40960)
668	28fc.18f8: Resource Dir: 0x8000 LB 0x3d0
669	28fc.18f8: ProductName: Malwarebytes Anti-Malware
670	28fc.18f8: ProductVersion: 0.1.15.0
671	28fc.18f8: FileVersion: 0.1.15.0
672	28fc.18f8: FileDescription: Malwarebytes Anti-Malware
673	28fc.18f8: \SystemRoot\System32\drivers\MpFilter.sys:
674	28fc.18f8: CreationTime: 2014-07-17T23:05:06.000000000Z
675	28fc.18f8: LastWriteTime: 2014-07-17T23:05:06.000000000Z
676	28fc.18f8: ChangeTime: 2014-09-09T23:22:15.541298400Z
677	28fc.18f8: FileAttributes: 0x20
678	28fc.18f8: Size: 0x41ad0
679	28fc.18f8: NT Headers: 0xf0
680	28fc.18f8: Timestamp: 0x53bdfdba
681	28fc.18f8: Machine: 0x8664 - amd64
682	28fc.18f8: Timestamp: 0x53bdfdba
683	28fc.18f8: Image Version: 6.3
684	28fc.18f8: SizeOfImage: 0x42000 (270336)
685	28fc.18f8: Resource Dir: 0x40000 LB 0xd50
686	28fc.18f8: ProductName: Microsoft Malware Protection
687	28fc.18f8: ProductVersion: 4.6.0300.0
688	28fc.18f8: FileVersion: 4.6.0300.0
689	28fc.18f8: FileDescription: Microsoft antimalware file system filter driver
690	28fc.18f8: \SystemRoot\System32\drivers\NisDrvWFP.sys:
691	28fc.18f8: CreationTime: 2014-03-11T14:52:30.000000000Z
692	28fc.18f8: LastWriteTime: 2014-07-17T23:05:06.000000000Z
693	28fc.18f8: ChangeTime: 2014-09-09T23:22:14.801256100Z
694	28fc.18f8: FileAttributes: 0x20
695	28fc.18f8: Size: 0x1ea90
696	28fc.18f8: NT Headers: 0xe0
697	28fc.18f8: Timestamp: 0x53bdfde3
698	28fc.18f8: Machine: 0x8664 - amd64
699	28fc.18f8: Timestamp: 0x53bdfde3
700	28fc.18f8: Image Version: 6.3
701	28fc.18f8: SizeOfImage: 0x1f000 (126976)
702	28fc.18f8: Resource Dir: 0x1c000 LB 0x1b90
703	28fc.18f8: ProductName: Microsoft Malware Protection
704	28fc.18f8: ProductVersion: 4.6.0300.0
705	28fc.18f8: FileVersion: 4.6.0300.0
706	28fc.18f8: FileDescription: Microsoft Network Realtime Inspection Driver
707	28fc.18f8: Calling main()
708	28fc.18f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
709	28fc.18f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
710	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
711	28fc.18f8: SUPR3HardenedMain: Final process, opening VBoxDrv...
712	28fc.18f8: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
713	28fc.18f8: supR3HardNtEnableThreadCreation:
714	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
715	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
716	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e4fd0:C:\Windows\system32 [calling]
717	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
718	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef8a40000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
719	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
720	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
721	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
722	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
723	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
724	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
725	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
726	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
727	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
728	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
729	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
730	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
731	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
732	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
733	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
734	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
735	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
736	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
737	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
738	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
739	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
740	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
741	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
742	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
743	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
744	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
745	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
746	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
747	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
748	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
749	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
750	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
751	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
752	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
753	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
754	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
755	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
756	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
757	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e4fd0:C:\Windows\system32 [calling]
758	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
759	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefcfa0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
760	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
761	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007feff040000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
762	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
763	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd100000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
764	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
765	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefcf60000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
766	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
767	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefea20000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
768	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
769	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfa0000 'C:\Windows\system32\Wintrust.dll'
770	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
771	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
772	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
773	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
774	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefc750000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
775	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
776	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc750000 'C:\Windows\system32\CRYPTSP.dll'
777	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
778	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
779	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
780	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
781	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
782	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
783	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
784	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
785	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefc450000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
786	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
787	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc450000 'C:\Windows\system32\rsaenh.dll'
788	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
789	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
790	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
791	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
792	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
793	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
794	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
795	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
796	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
797	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
798	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
799	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
800	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefeb50000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
801	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
802	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
803	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
804	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
805	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
806	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
807	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
808	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb50000 'C:\Windows\system32\ADVAPI32.dll'
809	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
810	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
811	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
812	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
813	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
814	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
815	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
816	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
817	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
818	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
819	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefcdb0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
820	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
821	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdb0000 'C:\Windows\system32\CRYPTBASE.dll'
822	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
823	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
824	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077070000 'C:\Windows\system32\kernel32.dll'
825	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
826	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
827	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfa0000 'C:\Windows\system32\WINTRUST.DLL'
828	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
829	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
830	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\CRYPT32.dll'
831	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
832	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
833	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
834	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
835	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
836	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
837	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
838	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
839	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
840	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
841	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
842	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
843	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe8f0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
844	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
845	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8f0000 'C:\Windows\system32\imagehlp.dll'
846	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
847	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
848	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc750000 'C:\Windows\system32\CRYPTSP.dll'
849	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
850	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
851	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
852	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
853	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
854	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
855	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
856	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
857	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
858	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
859	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
860	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
861	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
862	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
863	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
864	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
865	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
866	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
867	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
868	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
869	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
870	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
871	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
872	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
873	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
874	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
875	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
876	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
877	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
878	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
879	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
880	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
881	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
882	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
883	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
884	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
885	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
886	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
887	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
888	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
889	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
890	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
891	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
892	28fc.18f8: supR3HardenedDllNotificationCallback: load 0000000076f70000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
893	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
894	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007feff3b0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
895	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
896	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefec90000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
897	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
898	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe720000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
899	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
900	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
901	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
902	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3b0000 'C:\Windows\system32\gdi32.dll'
903	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
904	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
905	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
906	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
907	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
908	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
909	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
910	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
911	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
912	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
913	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
914	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
915	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
916	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
917	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
918	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
919	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
920	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
921	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
922	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
923	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
924	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
925	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
926	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
927	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
928	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
929	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
930	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
931	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
932	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
933	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
934	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
935	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
936	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe840000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
937	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
938	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe910000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
939	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
940	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe840000 'C:\Windows\system32\IMM32.DLL'
941	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f70000 'C:\Windows\system32\USER32.dll'
942	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
943	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
944	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
945	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
946	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
947	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
948	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
949	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
950	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
951	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
952	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
953	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
954	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
955	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
956	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
957	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
958	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
959	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefc8d0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
960	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
961	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
962	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefc8a0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
963	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
964	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8d0000 'C:\Windows\system32\ncrypt.dll'
965	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
966	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
967	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
968	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
969	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
970	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
971	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
972	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
973	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
974	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
975	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
976	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
977	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefc390000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
978	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
979	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc390000 'C:\Windows\system32\bcryptprimitives.dll'
980	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
981	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
982	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8a0000 'C:\Windows\system32\bcrypt.dll'
983	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
984	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
985	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
986	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
987	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
988	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
989	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
990	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
991	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
992	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
993	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
994	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
995	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
996	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
997	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
998	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
999	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1000	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1001	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1002	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1003	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1004	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefcff0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1005	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1006	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefcf50000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1007	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1008	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcff0000 'C:\Windows\system32\USERENV.dll'
1009	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1010	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1011	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1012	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1013	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1014	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1015	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1016	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1017	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1018	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1019	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1020	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1021	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1022	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1023	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1024	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1025	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefc200000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1026	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1027	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc200000 'C:\Windows\system32\GPAPI.dll'
1028	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1029	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1030	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1031	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1032	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea20000 'C:\Windows\system32\rpcrt4.dll'
1033	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1034	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1035	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1036	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1037	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1038	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1039	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1040	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1041	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1042	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1043	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1044	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1045	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1046	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1047	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1048	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1049	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1050	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1051	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1052	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1053	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1054	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1055	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1056	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1057	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1058	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1059	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1060	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1061	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1062	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef94a0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1063	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1064	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefec30000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1065	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1066	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1067	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1068	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1069	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1070	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1071	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1072	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1073	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1074	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1075	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1076	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1077	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1078	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1079	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1080	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1081	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1082	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1083	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1084	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1085	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1086	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1087	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1088	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1089	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1090	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1091	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1092	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1093	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1094	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1095	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1096	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Windows\system32\cryptnet.dll'
1097	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1098	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1099	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1100	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1101	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\profapi.dll'
1102	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1103	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1104	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1105	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1106	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1107	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1108	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1109	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1110	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1111	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1112	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1113	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1114	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1115	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1116	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1117	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1118	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe870000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1119	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1120	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe870000 'C:\Windows\system32\SHLWAPI.dll'
1121	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1122	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000005fb770
1123	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1124	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
1125	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1126	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1127	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1128	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1129	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1130	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1131	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1132	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1133	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb50000 'C:\Windows\system32\ADVAPI32.dll'
1134	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1135	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1136	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1137	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1138	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
1139	28fc.18f8: g_pfnWinVerifyTrust=000007fefcfa1010
1140	28fc.18f8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1141	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1142	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1143	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1144	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4581771CBFFF32DF331EF17B5C5FD7E1F614302
1145	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_136_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1146	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1147	28fc.18f8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1148	28fc.18f8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1149	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1150	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1151	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1152	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=108407301192217C74BC9FE609CA642A66DBE98B
1153	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1154	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1155	28fc.18f8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1156	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1157	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1158	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1159	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1160	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1161	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1162	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1163	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1164	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1165	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1166	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1167	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1168	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1169	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1170	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1171	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1172	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1173	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
1174	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1175	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1176	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1177	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1178	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1179	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1180	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1181	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1182	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1183	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1184	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1185	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1186	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1187	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1188	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1189	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1190	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1191	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1192	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1193	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1194	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1195	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1196	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1197	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1198	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1199	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1200	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1201	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1202	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1203	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1204	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1205	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1206	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1207	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1208	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1209	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D68DA0EBD4E0AA6C401CF7C54CEA904099DD3933
1210	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB2992611~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1211	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1212	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1213	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1214	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1215	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1216	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1217	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1218	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1219	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1220	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1221	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1222	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1223	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1224	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1225	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1226	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1227	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1228	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1229	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1230	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1231	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1232	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1233	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1234	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1235	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1236	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1237	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
1238	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1239	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1240	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1241	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1242	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1243	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1244	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
1245	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1246	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1247	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1248	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1249	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1250	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1251	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1252	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1253	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1254	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1255	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1256	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1257	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1258	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1259	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1260	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1261	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1262	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1263	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1264	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1265	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1266	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1267	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1268	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1269	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1270	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1271	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1272	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1273	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1274	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1275	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1276	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1277	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1278	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1279	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
1280	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1281	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1282	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1283	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1284	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1285	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1286	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1287	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FE601E1BC89E11CA16D1CA31315BC348EFAF0C74
1288	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2949927~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1289	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1290	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1291	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1292	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1293	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1294	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1295	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1296	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1297	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1298	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1299	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1300	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1301	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1302	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1303	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1304	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1305	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1306	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1307	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1308	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1309	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1310	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1311	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1312	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1313	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1314	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1315	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1316	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
1317	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1318	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1319	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1320	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1321	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1322	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1323	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
1324	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1325	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1326	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1327	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1328	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000690010:C:\Windows\system32 [calling]
1329	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\crypt32.dll'
1330	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc0f405ab4fb0ba00 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call
1331	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1332	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1333	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1334	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1335	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1336	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xbf1f81e5a97406aa CN=USB\VID_0781&PID_5150 (libwdi autogenerated)
1337	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1338	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x5675ad49101bb3f2 CN=USB\VID_0764&PID_0501 (libwdi autogenerated)
1339	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1340	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1341	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
1342	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1343	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1344	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1345	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1346	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1347	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1348	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1349	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1350	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1351	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1352	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1353	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1354	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1355	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1356	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
1357	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1358	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1359	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1360	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
1361	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1362	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1363	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1364	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1365	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1366	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1367	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1368	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1369	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1370	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1371	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1372	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1373	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1374	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1375	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1376	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
1377	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1378	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, [email protected]
1379	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1380	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1381	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, [email protected]
1382	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
1383	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1384	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1385	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1386	28fc.18f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1387	28fc.18f8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=57
1388	28fc.18f8: SUPR3HardenedMain: Load Runtime...
1389	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1390	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1391	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1392	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1393	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1394	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1395	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1396	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1397	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1398	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1399	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1400	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1401	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1402	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1403	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1404	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1405	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1406	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1407	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1408	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1409	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1410	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1411	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1412	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1413	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1414	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1415	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1416	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1417	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1418	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1419	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1420	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1421	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1422	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1423	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1424	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1425	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1426	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1427	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1428	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1429	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1430	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1431	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
1432	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1433	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1434	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1435	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1436	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1437	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1438	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1439	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1440	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1441	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007feef0b0000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1442	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1443	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1444	28fc.18f8: supR3HardenedDllNotificationCallback: load 000000006fed0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1445	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1446	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1447	28fc.18f8: supR3HardenedDllNotificationCallback: load 000000006fb50000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1448	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1449	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe7f0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1450	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1451	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe450000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1452	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1453	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1454	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1455	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1456	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1457	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1458	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1459	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1460	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1461	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1462	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1463	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1464	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1465	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1466	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1467	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1468	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1469	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1470	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1471	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1472	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1473	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1474	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1475	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1476	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1477	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1478	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1479	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1480	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1481	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1482	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1483	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1484	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1485	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1486	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1487	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1488	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1489	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1490	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1491	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1492	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1493	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1494	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1495	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1496	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1497	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e5c90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\utils\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Users\rjs7\AppData\Roaming\npm [calling]
1498	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1499	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1500	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1501	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1502	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1503	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000965670:C:\Windows\system32 [calling]
1504	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfa0000 'C:\Windows\system32\Wintrust.dll'
1505	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1506	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000965670:C:\Windows\system32 [calling]
1507	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\crypt32.dll'
1508	28fc.18f8: SUPR3HardenedMain: Load TrustedMain...
1509	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1510	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1511	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1512	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1513	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1514	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1515	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1516	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1517	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1518	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1519	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1520	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1521	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1522	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1523	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1524	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1525	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1526	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1527	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1528	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1529	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1530	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1531	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1532	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1533	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1534	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1535	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1536	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1537	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1538	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1539	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1540	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1541	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1542	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1543	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1544	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1545	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1546	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1547	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1548	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1549	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1550	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1551	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1552	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1553	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1554	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1555	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1556	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1557	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1558	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1559	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1560	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59C9A3379D97CB80EFB9D9152AF4E0240DDF8B29
1561	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3006226~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1562	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1563	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1564	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1565	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1566	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1567	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1568	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1569	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1570	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1571	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1572	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1573	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1574	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1575	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1576	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1577	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1578	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1579	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1580	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1581	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1582	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1583	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1584	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1585	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1586	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1587	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1588	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1589	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D11B9B481EE916E64C94F8ECA71C2995A2999B7
1590	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2980245~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1591	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1592	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1593	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1594	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1595	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1596	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
1597	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1598	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1599	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1600	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1601	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1602	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1603	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1604	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1605	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1606	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1607	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1608	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1609	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1610	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1611	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1612	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1613	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1614	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1615	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1616	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1617	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1618	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1619	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1620	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1621	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1622	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1623	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1624	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1625	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1626	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1627	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1628	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1629	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1630	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1631	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1632	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1633	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1634	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1635	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1636	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1637	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1638	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
1639	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1640	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1641	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1642	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1643	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1644	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1645	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1646	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1647	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1648	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
1649	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1650	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1651	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1652	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1653	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1654	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1655	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1656	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1657	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1658	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1659	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1660	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1661	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1662	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1663	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1664	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1665	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1666	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1667	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1668	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1669	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1670	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1671	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1672	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
1673	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1674	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1675	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1676	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1677	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1678	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1679	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1680	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1681	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1682	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1683	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1684	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1685	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1686	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1687	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1688	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1689	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1690	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
1691	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1692	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1693	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1694	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1695	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1696	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1697	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1698	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1699	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1700	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1701	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1702	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1703	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
1704	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1705	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1706	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1707	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1708	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1709	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1710	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1711	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1712	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1713	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1714	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1715	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1716	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1717	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1718	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1719	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1720	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1721	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1722	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1723	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1724	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1725	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1726	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1727	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1728	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1729	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1730	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1731	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1732	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1733	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1734	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1735	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1736	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1737	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1738	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1739	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1740	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1741	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1742	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1743	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1744	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1745	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1746	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1747	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1748	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1749	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1750	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1751	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1752	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1753	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1754	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1755	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1756	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1757	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1758	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
1759	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1760	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1761	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1762	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1763	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1764	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1765	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1766	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1767	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1768	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1769	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1770	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1771	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1772	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1773	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1774	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1775	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1776	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1777	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1778	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1779	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1780	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1781	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1782	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1783	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1784	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1785	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1786	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1787	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1788	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1789	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1790	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1791	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1792	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1793	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1794	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1795	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1796	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1797	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1798	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1799	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1800	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1801	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1802	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1803	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1804	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1805	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1806	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1807	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1808	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1809	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1810	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1811	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1812	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1813	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1814	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1815	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1816	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1817	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1818	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1819	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1820	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1821	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1822	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1823	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1824	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1825	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1826	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1827	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1828	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1829	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1830	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1831	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1832	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1833	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1834	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1835	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1836	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
1837	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1838	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1839	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1840	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1841	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1842	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
1843	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1844	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1845	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1846	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1847	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1848	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1849	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1850	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1851	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1852	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1853	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1854	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1855	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1856	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1857	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1858	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1859	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1860	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1861	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1862	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1863	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1864	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1865	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1866	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1867	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1868	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1869	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1870	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1871	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1872	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1873	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1874	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1875	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1876	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1877	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1878	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1879	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1880	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1881	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1882	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1883	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1884	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1885	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1886	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1887	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1888	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
1889	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1890	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1891	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1892	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1893	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1894	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1895	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1896	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1897	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1898	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1899	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1900	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1901	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1902	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1903	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1904	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1905	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
1906	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1907	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1908	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1909	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1910	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1911	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1912	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1913	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1914	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
1915	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1916	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1917	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1918	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1919	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1920	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
1921	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1922	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1923	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1924	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1925	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1926	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1927	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1928	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1929	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1930	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1931	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1932	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1933	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1934	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1935	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1936	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1937	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1938	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1939	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1940	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1941	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1942	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust
1943	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1944	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1945	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1946	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1947	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1948	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1949	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1950	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1951	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1952	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1953	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1954	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1955	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1956	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1957	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1958	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
1959	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
1960	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1961	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1962	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1963	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1964	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1965	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1966	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust
1967	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1968	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1969	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1970	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1971	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1972	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1973	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1974	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1975	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1976	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1977	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1978	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1979	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1980	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1981	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1982	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1983	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1984	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1985	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1986	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1987	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007feed9c0000 LB 0x00871000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1988	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1989	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1990	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef13d0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1991	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1992	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1993	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef85c0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1994	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1995	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1996	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef1030000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1997	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1998	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1999	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef85b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2000	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2001	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe460000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2002	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2003	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2004	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2005	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefe640000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2006	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2007	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefeca0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2008	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2009	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd280000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2010	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2011	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2012	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefb260000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2013	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2014	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2015	28fc.18f8: supR3HardenedDllNotificationCallback: load 000000006e2a0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
2016	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2017	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2018	28fc.18f8: supR3HardenedDllNotificationCallback: load 000000006d930000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
2019	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2020	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2021	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2022	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2023	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2024	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2025	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
2026	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2027	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef7fe0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
2028	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
2029	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd470000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2030	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2031	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2032	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefa3c0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2033	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2034	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2035	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fef7db0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2036	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2037	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2038	28fc.18f8: supR3HardenedDllNotificationCallback: load 000000006fa40000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
2039	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2040	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2041	28fc.18f8: supR3HardenedDllNotificationCallback: load 000000006d850000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
2042	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2043	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2044	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
2045	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
2046	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
2047	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2048	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2049	28fc.18f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2050	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2051	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2052	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2053	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2054	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2055	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2056	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2057	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b1c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2058	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe840000 'C:\Windows\system32\imm32.dll'
2059	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed9c0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2060	28fc.18f8: SUPR3HardenedMain: Calling TrustedMain (000007feed9c1ca0)...
2061	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2062	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2063	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3c0000 'C:\Windows\system32\winmm.dll'
2064	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2065	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2066	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdb0000 'C:\Windows\system32\CRYPTBASE.dll'
2067	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2068	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2069	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\shell32.dll'
2070	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2071	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2072	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077070000 'C:\Windows\system32\kernel32.dll'
2073	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005b8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2074	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
2075	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
2076	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2077	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2078	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2079	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2080	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2081	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2082	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
2083	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2084	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2085	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2086	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2087	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2088	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2089	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2090	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2091	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2092	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefb690000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2093	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2094	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb690000 'C:\Windows\system32\uxtheme.dll'
2095	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2096	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2097	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb690000 'C:\Windows\system32\uxtheme.dll'
2098	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2099	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2100	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2101	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f70000 'C:\Windows\system32\user32.dll'
2102	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2103	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2104	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb690000 'C:\Windows\system32\uxtheme.dll'
2105	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f70000 'C:\Windows\system32\user32.dll'
2106	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb50000 'C:\Windows\system32\advapi32.dll'
2107	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2108	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2109	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcff0000 'C:\Windows\system32\userenv.dll'
2110	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2111	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2112	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077070000 'C:\Windows\system32\kernel32.dll'
2113	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2114	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
2115	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
2116	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2117	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2118	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2119	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2120	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2121	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2122	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2123	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2124	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2125	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust
2126	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2127	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2128	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2129	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2130	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2131	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2132	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2133	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2134	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2135	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2136	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2137	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2138	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2139	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2140	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2141	28fc.18f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2142	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098add0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2143	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2144	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefd310000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2145	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2146	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\CLBCatQ.DLL'
2147	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2148	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b520:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2149	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb50000 'C:\Windows\system32\ADVAPI32.dll'
2150	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2151	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b400:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2152	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc750000 'C:\Windows\system32\CRYPTSP.dll'
2153	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000610 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2154	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000005fb770
2155	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000005fb770
2156	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2157	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2158	28fc.18f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2159	28fc.18f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2160	28fc.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
2161	28fc.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2162	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2163	28fc.18f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2164	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b400:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2165	28fc.18f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2166	28fc.18f8: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2167	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2168	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\RpcRtRemote.dll'
2169	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3b0000 'C:\Windows\system32\gdi32.dll'
2170	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2171	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2172	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\shell32.dll'
2173	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2174	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2175	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\shell32.dll'
2176	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2177	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2178	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\shell32.dll'
2179	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2180	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2181	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\shell32.dll'
2182	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\shell32.dll'
2183	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\shell32.dll'
2184	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2185	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2186	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2187	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f70000 'C:\Windows\system32\user32.dll'
2188	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2189	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098b880:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2190	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
2191	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2192	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000098bac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2193	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
2194	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2195	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006b69d0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2196	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe910000 'C:\Windows\system32\MSCTF.dll'
2197	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [redir]
2198	28fc.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2199	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000098bac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2200	28fc.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7fe0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
2201	28fc.18f8: Terminating the normal way: rcExit=1
2202	1d08.99c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 8773 ms, the end);
2203	1558.1090: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 9371 ms, the end);

Download in other formats:

Original Format