VirtualBox

Ticket #13187: VBoxStartup.8.log

File VBoxStartup.8.log, 67.6 KB (added by edgar_, 10 years ago)

VBox 4.3.20 log

Line 
1b90.1a60: Log file opened: 4.3.20r96997 g_hStartupLog=00000000000000fc g_uNtVerCombined=0x611db110
2b90.1a60: \SystemRoot\System32\ntdll.dll:
3b90.1a60: CreationTime: 2013-10-11T23:24:43.882378100Z
4b90.1a60: LastWriteTime: 2013-08-29T02:21:43.800548200Z
5b90.1a60: ChangeTime: 2013-10-12T03:48:06.735171200Z
6b90.1a60: FileAttributes: 0x20
7b90.1a60: Size: 0x1a83d8
8b90.1a60: NT Headers: 0xe0
9b90.1a60: Timestamp: 0x521eb03f
10b90.1a60: Machine: 0x8664 - amd64
11b90.1a60: Timestamp: 0x521eb03f
12b90.1a60: Image Version: 6.1
13b90.1a60: SizeOfImage: 0x1aa000 (1744896)
14b90.1a60: Resource Dir: 0x152000 LB 0x560d8
15b90.1a60: ProductName: Microsoft® Windows® Operating System
16b90.1a60: ProductVersion: 6.1.7601.22436
17b90.1a60: FileVersion: 6.1.7601.22436 (win7sp1_ldr.130828-1532)
18b90.1a60: FileDescription: NT Layer DLL
19b90.1a60: \SystemRoot\System32\kernel32.dll:
20b90.1a60: CreationTime: 2014-04-22T20:27:26.301334700Z
21b90.1a60: LastWriteTime: 2014-03-04T09:44:00.336000000Z
22b90.1a60: ChangeTime: 2014-04-22T23:49:45.884534200Z
23b90.1a60: FileAttributes: 0x20
24b90.1a60: Size: 0x11c000
25b90.1a60: NT Headers: 0xe8
26b90.1a60: Timestamp: 0x5315a059
27b90.1a60: Machine: 0x8664 - amd64
28b90.1a60: Timestamp: 0x5315a059
29b90.1a60: Image Version: 6.1
30b90.1a60: SizeOfImage: 0x11f000 (1175552)
31b90.1a60: Resource Dir: 0x116000 LB 0x528
32b90.1a60: ProductName: Microsoft® Windows® Operating System
33b90.1a60: ProductVersion: 6.1.7601.18409
34b90.1a60: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
35b90.1a60: FileDescription: Windows NT BASE API Client DLL
36b90.1a60: \SystemRoot\System32\KernelBase.dll:
37b90.1a60: CreationTime: 2014-05-16T18:03:18.538638200Z
38b90.1a60: LastWriteTime: 2014-03-04T09:44:00.336000000Z
39b90.1a60: ChangeTime: 2014-05-16T22:13:41.537038200Z
40b90.1a60: FileAttributes: 0x20
41b90.1a60: Size: 0x67c00
42b90.1a60: NT Headers: 0xe8
43b90.1a60: Timestamp: 0x5315a05a
44b90.1a60: Machine: 0x8664 - amd64
45b90.1a60: Timestamp: 0x5315a05a
46b90.1a60: Image Version: 6.1
47b90.1a60: SizeOfImage: 0x6c000 (442368)
48b90.1a60: Resource Dir: 0x6a000 LB 0x530
49b90.1a60: ProductName: Microsoft® Windows® Operating System
50b90.1a60: ProductVersion: 6.1.7601.18409
51b90.1a60: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
52b90.1a60: FileDescription: Windows NT BASE API Client DLL
53b90.1a60: \SystemRoot\System32\apisetschema.dll:
54b90.1a60: CreationTime: 2014-05-16T18:03:24.387138200Z
55b90.1a60: LastWriteTime: 2014-04-12T02:28:22.719000000Z
56b90.1a60: ChangeTime: 2014-05-16T22:13:41.240638200Z
57b90.1a60: FileAttributes: 0x20
58b90.1a60: Size: 0x1a00
59b90.1a60: NT Headers: 0xc0
60b90.1a60: Timestamp: 0x5348a50b
61b90.1a60: Machine: 0x8664 - amd64
62b90.1a60: Timestamp: 0x5348a50b
63b90.1a60: Image Version: 6.1
64b90.1a60: SizeOfImage: 0x50000 (327680)
65b90.1a60: Resource Dir: 0x30000 LB 0x3f8
66b90.1a60: ProductName: Microsoft® Windows® Operating System
67b90.1a60: ProductVersion: 6.1.7601.22653
68b90.1a60: FileVersion: 6.1.7601.22653 (win7sp1_ldr.140411-1533)
69b90.1a60: FileDescription: ApiSet Schema DLL
70b90.1a60: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71b90.1a60: supR3HardenedWinFindAdversaries: 0x400
72b90.1a60: \SystemRoot\System32\drivers\MpFilter.sys:
73b90.1a60: CreationTime: 2014-07-17T16:05:06.000000000Z
74b90.1a60: LastWriteTime: 2014-07-17T16:05:06.000000000Z
75b90.1a60: ChangeTime: 2014-10-22T13:04:59.820803700Z
76b90.1a60: FileAttributes: 0x20
77b90.1a60: Size: 0x41ad0
78b90.1a60: NT Headers: 0xf0
79b90.1a60: Timestamp: 0x53bdfdba
80b90.1a60: Machine: 0x8664 - amd64
81b90.1a60: Timestamp: 0x53bdfdba
82b90.1a60: Image Version: 6.3
83b90.1a60: SizeOfImage: 0x42000 (270336)
84b90.1a60: Resource Dir: 0x40000 LB 0xd50
85b90.1a60: ProductName: Microsoft Malware Protection
86b90.1a60: ProductVersion: 4.6.0300.0
87b90.1a60: FileVersion: 4.6.0300.0
88b90.1a60: FileDescription: Microsoft antimalware file system filter driver
89b90.1a60: \SystemRoot\System32\drivers\NisDrvWFP.sys:
90b90.1a60: CreationTime: 2010-10-24T19:25:38.000000000Z
91b90.1a60: LastWriteTime: 2014-07-17T16:05:06.000000000Z
92b90.1a60: ChangeTime: 2014-10-22T13:04:58.903636900Z
93b90.1a60: FileAttributes: 0x20
94b90.1a60: Size: 0x1ea90
95b90.1a60: NT Headers: 0xe0
96b90.1a60: Timestamp: 0x53bdfde3
97b90.1a60: Machine: 0x8664 - amd64
98b90.1a60: Timestamp: 0x53bdfde3
99b90.1a60: Image Version: 6.3
100b90.1a60: SizeOfImage: 0x1f000 (126976)
101b90.1a60: Resource Dir: 0x1c000 LB 0x1b90
102b90.1a60: ProductName: Microsoft Malware Protection
103b90.1a60: ProductVersion: 4.6.0300.0
104b90.1a60: FileVersion: 4.6.0300.0
105b90.1a60: FileDescription: Microsoft Network Realtime Inspection Driver
106b90.1a60: Calling main()
107b90.1a60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
108b90.1a60: SUPR3HardenedMain: Respawn #1
109b90.1a60: System32: \Device\HarddiskVolume1\Windows\System32
110b90.1a60: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
111b90.1a60: KnownDllPath: C:\Windows\system32
112b90.1a60: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
113b90.1a60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe)
114b90.1a60: supR3HardNtEnableThreadCreation:
115b90.1a60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0
116b90.1a60: supR3HardenedWinDoReSpawn(1): New child 8ec.1b00 [kernel32].
117b90.1a60: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
118b90.1a60: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b40000 uNtDllChildAddr=0000000077b40000
119b90.1a60: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b6b800
120b90.1a60: supR3HardenedWinSetupChildInit: Start child.
121b90.1a60: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
122b90.1a60: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 62 sleeps
123b90.1a60: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
124b90.1a60: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
125b90.1a60: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
126b90.1a60: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
127b90.1a60: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
128b90.1a60: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
129b90.1a60: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
130b90.1a60: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
131b90.1a60: 0000000000051000-fffffffffff71fff 0x0001/0x0000 0x0000000
132b90.1a60: *0000000000130000-0000000000033fff 0x0000/0x0004 0x0020000
133b90.1a60: 000000000022c000-0000000000228fff 0x0104/0x0004 0x0020000
134b90.1a60: 000000000022f000-000000000022dfff 0x0004/0x0004 0x0020000
135b90.1a60: 0000000000230000-ffffffff8891ffff 0x0001/0x0000 0x0000000
136b90.1a60: *0000000077b40000-0000000077b3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
137b90.1a60: 0000000077b41000-0000000077a3ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
138b90.1a60: 0000000077c42000-0000000077c12fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
139b90.1a60: 0000000077c71000-0000000077c66fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
140b90.1a60: 0000000077c7b000-0000000077c79fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
141b90.1a60: 0000000077c7c000-0000000077c78fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
142b90.1a60: 0000000077c7f000-0000000077c13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
143b90.1a60: 0000000077cea000-00000000709f3fff 0x0001/0x0000 0x0000000
144b90.1a60: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
145b90.1a60: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
146b90.1a60: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
147b90.1a60: 000000007fff0000-ffffffffc048ffff 0x0001/0x0000 0x0000000
148b90.1a60: *000000013fb50000-000000013fb4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
149b90.1a60: 000000013fb51000-000000013faccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
150b90.1a60: 000000013fbd5000-000000013fbd3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
151b90.1a60: 000000013fbd6000-000000013fb98fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
152b90.1a60: 000000013fc13000-000000013fc11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
153b90.1a60: 000000013fc14000-000000013fc12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
154b90.1a60: 000000013fc15000-000000013fc12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
155b90.1a60: 000000013fc17000-000000013fc15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
156b90.1a60: 000000013fc18000-000000013fc16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
157b90.1a60: 000000013fc19000-000000013fc14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
158b90.1a60: 000000013fc1d000-000000013fbe3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
159b90.1a60: 000000013fc56000-fffff8037fa4bfff 0x0001/0x0000 0x0000000
160b90.1a60: *000007feffe60000-000007feffe5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
161b90.1a60: 000007feffe61000-000007fdffd11fff 0x0001/0x0000 0x0000000
162b90.1a60: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
163b90.1a60: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
164b90.1a60: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
165b90.1a60: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
166b90.1a60: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
167b90.1a60: apisetschema.dll: timestamp 0x5348a50b (rc=VINF_SUCCESS)
168b90.1a60: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
169b90.1a60: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
170b90.1a60: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
171b90.1a60: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
172b90.1a60: supR3HardNtChildPurify: Done after 536 ms and 0 fixes (loop #0).
173b90.1a60: supR3HardNtEnableThreadCreation:
1748ec.1b00: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
1758ec.1b00: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b40000
1768ec.1b00: ntdll.dll: timestamp 0x521eb03f (rc=VINF_SUCCESS)
1778ec.1b00: New simple heap: #1 0000000000330000 LB 0x400000 (for 1744896 allocation)
1788ec.1b00: System32: \Device\HarddiskVolume1\Windows\System32
1798ec.1b00: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
1808ec.1b00: KnownDllPath: C:\Windows\system32
1818ec.1b00: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1828ec.1b00: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1838ec.1b00: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1848ec.1b00: Registered Dll notification callback with NTDLL.
1858ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
1868ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1878ec.1b00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1888ec.1b00: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1898ec.1b00: supR3HardenedDllNotificationCallback: load 0000000077a20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1908ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1918ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1928ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
1938ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1948ec.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a20000 'C:\Windows\system32\kernel32.dll'
1958ec.1b00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0
1968ec.1b00: \SystemRoot\System32\ntdll.dll:
1978ec.1b00: CreationTime: 2013-10-11T23:24:43.882378100Z
1988ec.1b00: LastWriteTime: 2013-08-29T02:21:43.800548200Z
1998ec.1b00: ChangeTime: 2013-10-12T03:48:06.735171200Z
2008ec.1b00: FileAttributes: 0x20
2018ec.1b00: Size: 0x1a83d8
2028ec.1b00: NT Headers: 0xe0
2038ec.1b00: Timestamp: 0x521eb03f
2048ec.1b00: Machine: 0x8664 - amd64
2058ec.1b00: Timestamp: 0x521eb03f
2068ec.1b00: Image Version: 6.1
2078ec.1b00: SizeOfImage: 0x1aa000 (1744896)
2088ec.1b00: Resource Dir: 0x152000 LB 0x560d8
2098ec.1b00: ProductName: Microsoft® Windows® Operating System
2108ec.1b00: ProductVersion: 6.1.7601.22436
2118ec.1b00: FileVersion: 6.1.7601.22436 (win7sp1_ldr.130828-1532)
2128ec.1b00: FileDescription: NT Layer DLL
213b90.1a60: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 152 ms.
2148ec.1b00: \SystemRoot\System32\kernel32.dll:
2158ec.1b00: CreationTime: 2014-04-22T20:27:26.301334700Z
2168ec.1b00: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2178ec.1b00: ChangeTime: 2014-04-22T23:49:45.884534200Z
2188ec.1b00: FileAttributes: 0x20
2198ec.1b00: Size: 0x11c000
2208ec.1b00: NT Headers: 0xe8
2218ec.1b00: Timestamp: 0x5315a059
2228ec.1b00: Machine: 0x8664 - amd64
2238ec.1b00: Timestamp: 0x5315a059
2248ec.1b00: Image Version: 6.1
2258ec.1b00: SizeOfImage: 0x11f000 (1175552)
2268ec.1b00: Resource Dir: 0x116000 LB 0x528
2278ec.1b00: ProductName: Microsoft® Windows® Operating System
2288ec.1b00: ProductVersion: 6.1.7601.18409
2298ec.1b00: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
2308ec.1b00: FileDescription: Windows NT BASE API Client DLL
2318ec.1b00: \SystemRoot\System32\KernelBase.dll:
2328ec.1b00: CreationTime: 2014-05-16T18:03:18.538638200Z
2338ec.1b00: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2348ec.1b00: ChangeTime: 2014-05-16T22:13:41.537038200Z
2358ec.1b00: FileAttributes: 0x20
2368ec.1b00: Size: 0x67c00
2378ec.1b00: NT Headers: 0xe8
2388ec.1b00: Timestamp: 0x5315a05a
2398ec.1b00: Machine: 0x8664 - amd64
2408ec.1b00: Timestamp: 0x5315a05a
2418ec.1b00: Image Version: 6.1
2428ec.1b00: SizeOfImage: 0x6c000 (442368)
2438ec.1b00: Resource Dir: 0x6a000 LB 0x530
2448ec.1b00: ProductName: Microsoft® Windows® Operating System
2458ec.1b00: ProductVersion: 6.1.7601.18409
2468ec.1b00: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
2478ec.1b00: FileDescription: Windows NT BASE API Client DLL
2488ec.1b00: \SystemRoot\System32\apisetschema.dll:
2498ec.1b00: CreationTime: 2014-05-16T18:03:24.387138200Z
2508ec.1b00: LastWriteTime: 2014-04-12T02:28:22.719000000Z
2518ec.1b00: ChangeTime: 2014-05-16T22:13:41.240638200Z
2528ec.1b00: FileAttributes: 0x20
2538ec.1b00: Size: 0x1a00
2548ec.1b00: NT Headers: 0xc0
2558ec.1b00: Timestamp: 0x5348a50b
2568ec.1b00: Machine: 0x8664 - amd64
2578ec.1b00: Timestamp: 0x5348a50b
2588ec.1b00: Image Version: 6.1
2598ec.1b00: SizeOfImage: 0x50000 (327680)
2608ec.1b00: Resource Dir: 0x30000 LB 0x3f8
2618ec.1b00: ProductName: Microsoft® Windows® Operating System
2628ec.1b00: ProductVersion: 6.1.7601.22653
2638ec.1b00: FileVersion: 6.1.7601.22653 (win7sp1_ldr.140411-1533)
2648ec.1b00: FileDescription: ApiSet Schema DLL
2658ec.1b00: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2668ec.1b00: supR3HardenedWinFindAdversaries: 0x400
2678ec.1b00: \SystemRoot\System32\drivers\MpFilter.sys:
2688ec.1b00: CreationTime: 2014-07-17T16:05:06.000000000Z
2698ec.1b00: LastWriteTime: 2014-07-17T16:05:06.000000000Z
2708ec.1b00: ChangeTime: 2014-10-22T13:04:59.820803700Z
2718ec.1b00: FileAttributes: 0x20
2728ec.1b00: Size: 0x41ad0
2738ec.1b00: NT Headers: 0xf0
2748ec.1b00: Timestamp: 0x53bdfdba
2758ec.1b00: Machine: 0x8664 - amd64
2768ec.1b00: Timestamp: 0x53bdfdba
2778ec.1b00: Image Version: 6.3
2788ec.1b00: SizeOfImage: 0x42000 (270336)
2798ec.1b00: Resource Dir: 0x40000 LB 0xd50
2808ec.1b00: ProductName: Microsoft Malware Protection
2818ec.1b00: ProductVersion: 4.6.0300.0
2828ec.1b00: FileVersion: 4.6.0300.0
2838ec.1b00: FileDescription: Microsoft antimalware file system filter driver
2848ec.1b00: \SystemRoot\System32\drivers\NisDrvWFP.sys:
2858ec.1b00: CreationTime: 2010-10-24T19:25:38.000000000Z
2868ec.1b00: LastWriteTime: 2014-07-17T16:05:06.000000000Z
2878ec.1b00: ChangeTime: 2014-10-22T13:04:58.903636900Z
2888ec.1b00: FileAttributes: 0x20
2898ec.1b00: Size: 0x1ea90
2908ec.1b00: NT Headers: 0xe0
2918ec.1b00: Timestamp: 0x53bdfde3
2928ec.1b00: Machine: 0x8664 - amd64
2938ec.1b00: Timestamp: 0x53bdfde3
2948ec.1b00: Image Version: 6.3
2958ec.1b00: SizeOfImage: 0x1f000 (126976)
2968ec.1b00: Resource Dir: 0x1c000 LB 0x1b90
2978ec.1b00: ProductName: Microsoft Malware Protection
2988ec.1b00: ProductVersion: 4.6.0300.0
2998ec.1b00: FileVersion: 4.6.0300.0
3008ec.1b00: FileDescription: Microsoft Network Realtime Inspection Driver
3018ec.1b00: Calling main()
3028ec.1b00: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3038ec.1b00: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
3048ec.1b00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe)
3058ec.1b00: SUPR3HardenedMain: Respawn #2
3068ec.1b00: supR3HardNtEnableThreadCreation:
3078ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3088ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
3098ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
3108ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
3118ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3128ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3138ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
3148ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
3158ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3168ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3178ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
3188ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
3198ec.1b00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
3208ec.1b00: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3218ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x000db000 C:\Windows\system32\ADVAPI32.DLL [fFlags=0x0]
3228ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3238ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
3248ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3258ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
3268ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
3278ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
3288ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
3298ec.1b00: supR3HardenedDllNotificationCallback: load 000007feff920000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
3308ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
3318ec.1b00: supR3HardenedDllNotificationCallback: load 000007feffb30000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
3328ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3338ec.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.DLL'
3348ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
3358ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
3368ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3378ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3388ec.1b00: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3398ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3408ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3418ec.1b00: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3428ec.1b00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3438ec.1b00: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3448ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
3458ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3468ec.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\apphelp.dll'
3478ec.1b00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0
3488ec.1b00: supR3HardenedWinDoReSpawn(2): New child 1c40.1db4 [kernel32].
3498ec.1b00: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
3508ec.1b00: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b40000 uNtDllChildAddr=0000000077b40000
3518ec.1b00: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b6b800
3528ec.1b00: supR3HardenedWinSetupChildInit: Start child.
3538ec.1b00: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3548ec.1b00: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
3558ec.1b00: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3568ec.1b00: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3578ec.1b00: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3588ec.1b00: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3598ec.1b00: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3608ec.1b00: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3618ec.1b00: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
3628ec.1b00: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
3638ec.1b00: 0000000000051000-ffffffffffea1fff 0x0001/0x0000 0x0000000
3648ec.1b00: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
3658ec.1b00: 00000000002fc000-00000000002f8fff 0x0104/0x0004 0x0020000
3668ec.1b00: 00000000002ff000-00000000002fdfff 0x0004/0x0004 0x0020000
3678ec.1b00: 0000000000300000-ffffffff88abffff 0x0001/0x0000 0x0000000
3688ec.1b00: *0000000077b40000-0000000077b3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3698ec.1b00: 0000000077b41000-0000000077a3ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3708ec.1b00: 0000000077c42000-0000000077c12fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3718ec.1b00: 0000000077c71000-0000000077c66fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3728ec.1b00: 0000000077c7b000-0000000077c79fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3738ec.1b00: 0000000077c7c000-0000000077c78fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3748ec.1b00: 0000000077c7f000-0000000077c13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3758ec.1b00: 0000000077cea000-00000000709f3fff 0x0001/0x0000 0x0000000
3768ec.1b00: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3778ec.1b00: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3788ec.1b00: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3798ec.1b00: 000000007fff0000-ffffffffc048ffff 0x0001/0x0000 0x0000000
3808ec.1b00: *000000013fb50000-000000013fb4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3818ec.1b00: 000000013fb51000-000000013faccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3828ec.1b00: 000000013fbd5000-000000013fbd3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3838ec.1b00: 000000013fbd6000-000000013fb98fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3848ec.1b00: 000000013fc13000-000000013fc11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3858ec.1b00: 000000013fc14000-000000013fc12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3868ec.1b00: 000000013fc15000-000000013fc12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3878ec.1b00: 000000013fc17000-000000013fc15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3888ec.1b00: 000000013fc18000-000000013fc16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3898ec.1b00: 000000013fc19000-000000013fc14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3908ec.1b00: 000000013fc1d000-000000013fbe3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe
3918ec.1b00: 000000013fc56000-fffff8037fa4bfff 0x0001/0x0000 0x0000000
3928ec.1b00: *000007feffe60000-000007feffe5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
3938ec.1b00: 000007feffe61000-000007fdffd11fff 0x0001/0x0000 0x0000000
3948ec.1b00: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3958ec.1b00: 000007fffffd3000-000007fffffcdfff 0x0001/0x0000 0x0000000
3968ec.1b00: *000007fffffd8000-000007fffffd6fff 0x0004/0x0004 0x0020000
3978ec.1b00: 000007fffffd9000-000007fffffd3fff 0x0001/0x0000 0x0000000
3988ec.1b00: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3998ec.1b00: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
4008ec.1b00: apisetschema.dll: timestamp 0x5348a50b (rc=VINF_SUCCESS)
4018ec.1b00: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
4028ec.1b00: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
4038ec.1b00: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
4048ec.1b00: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
4058ec.1b00: supR3HardNtChildPurify: Done after 556 ms and 0 fixes (loop #0).
4068ec.1b00: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000330000 LB 0x400000)
4078ec.1b00: supR3HardNtEnableThreadCreation:
4081c40.1db4: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
4091c40.1db4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b40000
4101c40.1db4: ntdll.dll: timestamp 0x521eb03f (rc=VINF_SUCCESS)
4111c40.1db4: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
4121c40.1db4: System32: \Device\HarddiskVolume1\Windows\System32
4131c40.1db4: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
4141c40.1db4: KnownDllPath: C:\Windows\system32
4151c40.1db4: supR3HardenedVmProcessInit: Opening vboxdrv...
4161c40.1db4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4171c40.1db4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4181c40.1db4: Registered Dll notification callback with NTDLL.
4191c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
4201c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
4211c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4221c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4231c40.1db4: supR3HardenedDllNotificationCallback: load 0000000077a20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
4241c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4251c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
4261c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
4271c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
4281c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a20000 'C:\Windows\system32\kernel32.dll'
4291c40.1db4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0
4301c40.1db4: \SystemRoot\System32\ntdll.dll:
4318ec.1b00: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 164 ms.
4321c40.1db4: CreationTime: 2013-10-11T23:24:43.882378100Z
4331c40.1db4: LastWriteTime: 2013-08-29T02:21:43.800548200Z
4341c40.1db4: ChangeTime: 2013-10-12T03:48:06.735171200Z
4351c40.1db4: FileAttributes: 0x20
4361c40.1db4: Size: 0x1a83d8
4371c40.1db4: NT Headers: 0xe0
4381c40.1db4: Timestamp: 0x521eb03f
4391c40.1db4: Machine: 0x8664 - amd64
4401c40.1db4: Timestamp: 0x521eb03f
4411c40.1db4: Image Version: 6.1
4421c40.1db4: SizeOfImage: 0x1aa000 (1744896)
4431c40.1db4: Resource Dir: 0x152000 LB 0x560d8
4441c40.1db4: ProductName: Microsoft® Windows® Operating System
4451c40.1db4: ProductVersion: 6.1.7601.22436
4461c40.1db4: FileVersion: 6.1.7601.22436 (win7sp1_ldr.130828-1532)
4471c40.1db4: FileDescription: NT Layer DLL
4481c40.1db4: \SystemRoot\System32\kernel32.dll:
4491c40.1db4: CreationTime: 2014-04-22T20:27:26.301334700Z
4501c40.1db4: LastWriteTime: 2014-03-04T09:44:00.336000000Z
4511c40.1db4: ChangeTime: 2014-04-22T23:49:45.884534200Z
4521c40.1db4: FileAttributes: 0x20
4531c40.1db4: Size: 0x11c000
4541c40.1db4: NT Headers: 0xe8
4551c40.1db4: Timestamp: 0x5315a059
4561c40.1db4: Machine: 0x8664 - amd64
4571c40.1db4: Timestamp: 0x5315a059
4581c40.1db4: Image Version: 6.1
4591c40.1db4: SizeOfImage: 0x11f000 (1175552)
4601c40.1db4: Resource Dir: 0x116000 LB 0x528
4611c40.1db4: ProductName: Microsoft® Windows® Operating System
4621c40.1db4: ProductVersion: 6.1.7601.18409
4631c40.1db4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
4641c40.1db4: FileDescription: Windows NT BASE API Client DLL
4651c40.1db4: \SystemRoot\System32\KernelBase.dll:
4661c40.1db4: CreationTime: 2014-05-16T18:03:18.538638200Z
4671c40.1db4: LastWriteTime: 2014-03-04T09:44:00.336000000Z
4681c40.1db4: ChangeTime: 2014-05-16T22:13:41.537038200Z
4691c40.1db4: FileAttributes: 0x20
4701c40.1db4: Size: 0x67c00
4711c40.1db4: NT Headers: 0xe8
4721c40.1db4: Timestamp: 0x5315a05a
4731c40.1db4: Machine: 0x8664 - amd64
4741c40.1db4: Timestamp: 0x5315a05a
4751c40.1db4: Image Version: 6.1
4761c40.1db4: SizeOfImage: 0x6c000 (442368)
4771c40.1db4: Resource Dir: 0x6a000 LB 0x530
4781c40.1db4: ProductName: Microsoft® Windows® Operating System
4791c40.1db4: ProductVersion: 6.1.7601.18409
4801c40.1db4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
4811c40.1db4: FileDescription: Windows NT BASE API Client DLL
4821c40.1db4: \SystemRoot\System32\apisetschema.dll:
4831c40.1db4: CreationTime: 2014-05-16T18:03:24.387138200Z
4841c40.1db4: LastWriteTime: 2014-04-12T02:28:22.719000000Z
4851c40.1db4: ChangeTime: 2014-05-16T22:13:41.240638200Z
4861c40.1db4: FileAttributes: 0x20
4871c40.1db4: Size: 0x1a00
4881c40.1db4: NT Headers: 0xc0
4891c40.1db4: Timestamp: 0x5348a50b
4901c40.1db4: Machine: 0x8664 - amd64
4911c40.1db4: Timestamp: 0x5348a50b
4921c40.1db4: Image Version: 6.1
4931c40.1db4: SizeOfImage: 0x50000 (327680)
4941c40.1db4: Resource Dir: 0x30000 LB 0x3f8
4951c40.1db4: ProductName: Microsoft® Windows® Operating System
4961c40.1db4: ProductVersion: 6.1.7601.22653
4971c40.1db4: FileVersion: 6.1.7601.22653 (win7sp1_ldr.140411-1533)
4981c40.1db4: FileDescription: ApiSet Schema DLL
4991c40.1db4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5001c40.1db4: supR3HardenedWinFindAdversaries: 0x400
5011c40.1db4: \SystemRoot\System32\drivers\MpFilter.sys:
5021c40.1db4: CreationTime: 2014-07-17T16:05:06.000000000Z
5031c40.1db4: LastWriteTime: 2014-07-17T16:05:06.000000000Z
5041c40.1db4: ChangeTime: 2014-10-22T13:04:59.820803700Z
5051c40.1db4: FileAttributes: 0x20
5061c40.1db4: Size: 0x41ad0
5071c40.1db4: NT Headers: 0xf0
5081c40.1db4: Timestamp: 0x53bdfdba
5091c40.1db4: Machine: 0x8664 - amd64
5101c40.1db4: Timestamp: 0x53bdfdba
5111c40.1db4: Image Version: 6.3
5121c40.1db4: SizeOfImage: 0x42000 (270336)
5131c40.1db4: Resource Dir: 0x40000 LB 0xd50
5141c40.1db4: ProductName: Microsoft Malware Protection
5151c40.1db4: ProductVersion: 4.6.0300.0
5161c40.1db4: FileVersion: 4.6.0300.0
5171c40.1db4: FileDescription: Microsoft antimalware file system filter driver
5181c40.1db4: \SystemRoot\System32\drivers\NisDrvWFP.sys:
5191c40.1db4: CreationTime: 2010-10-24T19:25:38.000000000Z
5201c40.1db4: LastWriteTime: 2014-07-17T16:05:06.000000000Z
5211c40.1db4: ChangeTime: 2014-10-22T13:04:58.903636900Z
5221c40.1db4: FileAttributes: 0x20
5231c40.1db4: Size: 0x1ea90
5241c40.1db4: NT Headers: 0xe0
5251c40.1db4: Timestamp: 0x53bdfde3
5261c40.1db4: Machine: 0x8664 - amd64
5271c40.1db4: Timestamp: 0x53bdfde3
5281c40.1db4: Image Version: 6.3
5291c40.1db4: SizeOfImage: 0x1f000 (126976)
5301c40.1db4: Resource Dir: 0x1c000 LB 0x1b90
5311c40.1db4: ProductName: Microsoft Malware Protection
5321c40.1db4: ProductVersion: 4.6.0300.0
5331c40.1db4: FileVersion: 4.6.0300.0
5341c40.1db4: FileDescription: Microsoft Network Realtime Inspection Driver
5351c40.1db4: Calling main()
5361c40.1db4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5371c40.1db4: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
5381c40.1db4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe)
5391c40.1db4: SUPR3HardenedMain: Final process, opening VBoxDrv...
5401c40.1db4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
5411c40.1db4: supR3HardNtEnableThreadCreation:
5421c40.1db4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll)
5431c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll
5441c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804270:C:\Windows\system32 [calling]
5451c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5461c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefb010000 LB 0x00004000 C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
5471c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5481c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5491c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling]
5501c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb010000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL'
5511c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5521c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling]
5531c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb010000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL'
5541c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb010000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL'
5551c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5561c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
5571c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5581c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
5591c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
5601c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
5611c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5621c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5631c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
5641c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
5651c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5661c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5671c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
5681c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
5691c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5701c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5711c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5721c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5731c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
5741c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
5751c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5761c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5771c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
5781c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
5791c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5801c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5811c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5821c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5831c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5841c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5851c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804270:C:\Windows\system32 [calling]
5861c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5871c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
5881c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5891c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
5901c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5911c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdaf0000 LB 0x0016c000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
5921c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5931c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdae0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
5941c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5951c40.1db4: supR3HardenedDllNotificationCallback: load 000007feffb30000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
5961c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5971c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd90000 'C:\Windows\system32\Wintrust.dll'
5981c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
5991c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
6001c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling]
6011c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6021c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
6031c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6041c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\CRYPTSP.dll'
6051c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6061c40.1db4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
6071c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
6081c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6091c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6101c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6111c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling]
6121c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6131c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefcf30000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
6141c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6151c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf30000 'C:\Windows\system32\rsaenh.dll'
6161c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6171c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6181c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
6191c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
6201c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6211c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6221c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6231c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6241c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6251c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6261c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling]
6271c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6281c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
6291c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6301c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6311c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6321c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
6331c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
6341c40.1db4: supR3HardenedDllNotificationCallback: load 000007feff920000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
6351c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6361c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.dll'
6371c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
6381c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
6391c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6401c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6411c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6421c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6431c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6441c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6451c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling]
6461c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6471c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefd8f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
6481c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6491c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8f0000 'C:\Windows\system32\CRYPTBASE.dll'
6501c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'.
6511c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'.
6521c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6531c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
6541c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
6551c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
6561c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
6571c40.f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll)
6581c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll
6591c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
6601c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
6611c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6621c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
6631c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
6641c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
6651c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
6661c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
6671c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
6681c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6691c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
6701c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6711c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
6721c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
6731c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
6741c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
6751c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6761c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
6771c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
6781c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
6791c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)
6801c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
6811c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6821c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6831c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6841c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6851c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6861c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6871c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
6881c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
6891c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
6901c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
6911c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6921c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll)
6931c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
6941c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6951c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6961c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6971c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6981c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6991c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7001c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7011c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7021c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
7031c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
7041c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
7051c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
7061c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7071c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7081c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7091c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7101c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7111c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7121c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
7131c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
7141c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
7151c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7161c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7171c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7181c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7191c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7201c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7211c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7221c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7231c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7241c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7251c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7261c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7271c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
7281c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
7291c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7301c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
7311c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
7321c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7331c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7341c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7351c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7361c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7371c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7381c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7391c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7401c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7411c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
7421c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
7431c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
7441c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
7451c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
7461c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
7471c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
7481c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7491c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7501c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7511c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
7521c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
7531c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7541c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7551c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
7561c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
7571c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
7581c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7591c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7601c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7611c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7621c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7631c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7641c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7651c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7661c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7671c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7681c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7691c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7701c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7711c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7721c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7731c40.f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
7741c40.f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
7751c40.f14: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x0002c000 C:\Windows\system32\privman64.dll [fFlags=0x0]
7761c40.f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
7778ec.1b00: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 203 ms, the end);
778b90.1a60: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1096 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy