VirtualBox

Ticket #13697: VBoxHardening.3.log

File VBoxHardening.3.log, 12.8 KB (added by rogan, 7 years ago)
2b80.2834: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000048 g_uNtVerCombined=0x611db110
2b80.2834: \SystemRoot\System32\ntdll.dll:
2b80.2834: CreationTime: 2017-09-15T09:09:36.080790000Z
2b80.2834: LastWriteTime: 2017-08-11T06:36:37.595749500Z
2b80.2834: ChangeTime: 2017-09-15T14:22:44.845480000Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x1a7100
2b80.2834: NT Headers: 0xe0
2b80.2834: Timestamp: 0x598d5074
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x598d5074
2b80.2834: Image Version: 6.1
2b80.2834: SizeOfImage: 0x1aa000 (1744896)
2b80.2834: Resource Dir: 0x14e000 LB 0x5a028
2b80.2834: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: Microsoft® Windows® Operating System
2b80.2834: ProductVersion: 6.1.7601.23889
2b80.2834: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
2b80.2834: FileDescription: NT Layer DLL
2b80.2834: \SystemRoot\System32\kernel32.dll:
2b80.2834: CreationTime: 2017-09-15T09:09:35.151697100Z
2b80.2834: LastWriteTime: 2017-08-11T06:34:55.815000000Z
2b80.2834: ChangeTime: 2017-09-15T14:22:45.781486000Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x11c000
2b80.2834: NT Headers: 0xe0
2b80.2834: Timestamp: 0x598d50b9
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x598d50b9
2b80.2834: Image Version: 6.1
2b80.2834: SizeOfImage: 0x11f000 (1175552)
2b80.2834: Resource Dir: 0x116000 LB 0x528
2b80.2834: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: Microsoft® Windows® Operating System
2b80.2834: ProductVersion: 6.1.7601.23889
2b80.2834: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
2b80.2834: FileDescription: Windows NT BASE API Client DLL
2b80.2834: \SystemRoot\System32\KernelBase.dll:
2b80.2834: CreationTime: 2017-09-15T09:10:18.838065300Z
2b80.2834: LastWriteTime: 2017-08-11T06:34:55.815000000Z
2b80.2834: ChangeTime: 2017-09-15T14:22:45.765885900Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x66800
2b80.2834: NT Headers: 0xe8
2b80.2834: Timestamp: 0x598d50ba
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x598d50ba
2b80.2834: Image Version: 6.1
2b80.2834: SizeOfImage: 0x6a000 (434176)
2b80.2834: Resource Dir: 0x68000 LB 0x530
2b80.2834: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: Microsoft® Windows® Operating System
2b80.2834: ProductVersion: 6.1.7601.23889
2b80.2834: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
2b80.2834: FileDescription: Windows NT BASE API Client DLL
2b80.2834: \SystemRoot\System32\apisetschema.dll:
2b80.2834: CreationTime: 2017-09-15T09:10:19.231104600Z
2b80.2834: LastWriteTime: 2017-08-11T06:34:50.979000000Z
2b80.2834: ChangeTime: 2017-09-15T14:22:44.627078600Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x1a00
2b80.2834: NT Headers: 0xc0
2b80.2834: Timestamp: 0x598d5053
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x598d5053
2b80.2834: Image Version: 6.1
2b80.2834: SizeOfImage: 0x50000 (327680)
2b80.2834: Resource Dir: 0x30000 LB 0x3f8
2b80.2834: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: Microsoft® Windows® Operating System
2b80.2834: ProductVersion: 6.1.7601.23889
2b80.2834: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
2b80.2834: FileDescription: ApiSet Schema DLL
2b80.2834: Found driver mfewfpk (0x20)
2b80.2834: Found driver PGDriver (0x20000)
2b80.2834: Found driver mfehidk (0x20)
2b80.2834: Found driver mfeavfk (0x20)
2b80.2834: Found driver dgmaster (0x2000)
2b80.2834: Found driver mfefirek (0x20)
2b80.2834: supR3HardenedWinFindAdversaries: 0x22020
2b80.2834: \SystemRoot\System32\drivers\mfeavfk.sys:
2b80.2834: CreationTime: 2017-04-24T12:03:24.245344200Z
2b80.2834: LastWriteTime: 2017-04-24T12:03:24.245344200Z
2b80.2834: ChangeTime: 2017-04-24T12:04:12.892674900Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x59038
2b80.2834: NT Headers: 0xe8
2b80.2834: Timestamp: 0x57856390
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x57856390
2b80.2834: Image Version: 0.0
2b80.2834: SizeOfImage: 0x59000 (364544)
2b80.2834: Resource Dir: 0x57000 LB 0x758
2b80.2834: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: SYSCORE
2b80.2834: ProductVersion: 15.5.0.4030
2b80.2834: FileVersion: SYSCORE.15.5.0.4030
2b80.2834: PrivateBuild: SYSCORE.15.5.0.4030 F15,F16,F19
2b80.2834: FileDescription: Anti-Virus File System Filter Driver
2b80.2834: \SystemRoot\System32\drivers\mfefirek.sys:
2b80.2834: CreationTime: 2017-04-24T12:08:55.700607900Z
2b80.2834: LastWriteTime: 2017-04-24T12:05:30.187439600Z
2b80.2834: ChangeTime: 2017-04-24T12:05:30.187439600Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x7d438
2b80.2834: NT Headers: 0xf0
2b80.2834: Timestamp: 0x578563d4
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x578563d4
2b80.2834: Image Version: 0.0
2b80.2834: SizeOfImage: 0x7e000 (516096)
2b80.2834: Resource Dir: 0x7a000 LB 0x388
2b80.2834: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x7a060 LB 0x328, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: SYSCORE
2b80.2834: ProductVersion: 15.5.0.4030
2b80.2834: FileVersion: SYSCORE.15.5.0.4030
2b80.2834: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
2b80.2834: FileDescription: McAfee Core Firewall Engine Driver
2b80.2834: \SystemRoot\System32\drivers\mfehidk.sys:
2b80.2834: CreationTime: 2017-04-24T12:04:05.947515400Z
2b80.2834: LastWriteTime: 2017-04-24T12:03:24.198522900Z
2b80.2834: ChangeTime: 2017-04-24T12:03:24.198522900Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0xd6438
2b80.2834: NT Headers: 0x100
2b80.2834: Timestamp: 0x57856358
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x57856358
2b80.2834: Image Version: 0.0
2b80.2834: SizeOfImage: 0xe1000 (921600)
2b80.2834: Resource Dir: 0xdd000 LB 0x758
2b80.2834: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0xdd110 LB 0x320, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: SYSCORE
2b80.2834: ProductVersion: 15.5.0.4030
2b80.2834: FileVersion: SYSCORE.15.5.0.4030
2b80.2834: PrivateBuild: SYSCORE.15.5.0.4030 F14,F15,F16,F18,F20
2b80.2834: FileDescription: McAfee Link Driver
2b80.2834: \SystemRoot\System32\drivers\mfewfpk.sys:
2b80.2834: CreationTime: 2017-04-24T12:05:53.395197300Z
2b80.2834: LastWriteTime: 2017-04-24T12:05:29.719226600Z
2b80.2834: ChangeTime: 2017-04-24T12:05:29.719226600Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x3dc38
2b80.2834: NT Headers: 0x100
2b80.2834: Timestamp: 0x57856365
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x57856365
2b80.2834: Image Version: 0.0
2b80.2834: SizeOfImage: 0x59000 (364544)
2b80.2834: Resource Dir: 0x57000 LB 0x380
2b80.2834: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: SYSCORE
2b80.2834: ProductVersion: 15.5.0.4030
2b80.2834: FileVersion: SYSCORE.15.5.0.4030
2b80.2834: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
2b80.2834: FileDescription: Anti-Virus Mini-Firewall Driver
2b80.2834: \SystemRoot\System32\drivers\PGDriver.sys:
2b80.2834: CreationTime: 2017-09-14T07:57:23.368560900Z
2b80.2834: LastWriteTime: 2017-06-22T12:50:20.000000000Z
2b80.2834: ChangeTime: 2017-09-25T12:49:21.358800100Z
2b80.2834: FileAttributes: 0x20
2b80.2834: Size: 0x8490
2b80.2834: NT Headers: 0xf8
2b80.2834: Timestamp: 0x59394114
2b80.2834: Machine: 0x8664 - amd64
2b80.2834: Timestamp: 0x59394114
2b80.2834: Image Version: 6.3
2b80.2834: SizeOfImage: 0xb000 (45056)
2b80.2834: Resource Dir: 0x9000 LB 0x430
2b80.2834: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2b80.2834: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
2b80.2834: ProductName: Avecto Defendpoint
2b80.2834: ProductVersion: 2017.06.08.1
2b80.2834: FileVersion: 2017.06.08.1
2b80.2834: SpecialBuild: D
2b80.2834: FileDescription: Defendpoint Driver
2b80.2834: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2b80.2834: Calling main()
2b80.2834: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2b80.2834: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2b80.2834: SUPR3HardenedMain: Respawn #1
2b80.2834: System32: \Device\HarddiskVolume1\Windows\System32
2b80.2834: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
2b80.2834: KnownDllPath: C:\Windows\system32
2b80.2834: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2b80.2834: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2b80.2834: supR3HardNtEnableThreadCreation:
2b80.2834: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007770a360 pvNtTerminateThread=000000007772c260
2b80.2834: supR3HardenedWinDoReSpawn(1): New child 930.2038 [kernel32].
2b80.2834: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
2b80.2834: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000776e0000 uNtDllChildAddr=00000000776e0000
2b80.2834: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007770a360
2b80.2834: supR3HardenedWinSetupChildInit: Start child.
2b80.2834: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2b80.2834: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 64 sleeps
2b80.2834: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2b80.2834: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2b80.2834: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2b80.2834: *0000000000030000-0000000000030fff 0x0040/0x0040 0x0020000 !!
2b80.2834: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 0000000000030000 (LB 0x1000, 0000000000030000 LB 0x1000)
2b80.2834: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000030000/0000000000030000 LB 0/0x1000]
2b80.2834: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000030000 LB 0x10000 s=0x10000 ap=0x0 rp=0x73007200000001
2b80.2834: Error (rc=-5673):
2b80.2834: NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
2b80.2834: Error (rc=-5645):
2b80.2834: Too many virtual memory regions.

2b80.2834: Error (rc=-5673):
2b80.2834: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
2b80.2834: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
2b80.2834: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
2b80.2834: supR3HardNtEnableThreadCreation:
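The decisive lines in this log are the adversary-driver scan, the child-purification memory scan that marks a private executable page with "!!", and the NtAllocateVirtualMemory failure that follows. The script below is an added example, not VirtualBox code and not from the ticket reporter: it parses an excerpt of the lines above (embedded as constructed sample input, with the pid.tid prefix kept) and reports whether the per-driver flag values OR together to the reported supR3HardenedWinFindAdversaries mask, which regions in the scan are MEM_PRIVATE memory with a PAGE_EXECUTE* protection (decoded with the winnt.h constants), and the NTSTATUS of the failed allocation. The regular expressions are fitted to this log format and the NTSTATUS name table is a small one of my own; both are assumptions, not VirtualBox's parsers.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the relevant lines copied from the log above, pid.tid prefix kept.
SAMPLE_LOG = """\
2b80.2834: Found driver mfewfpk (0x20)
2b80.2834: Found driver PGDriver (0x20000)
2b80.2834: Found driver mfehidk (0x20)
2b80.2834: Found driver mfeavfk (0x20)
2b80.2834: Found driver dgmaster (0x2000)
2b80.2834: Found driver mfefirek (0x20)
2b80.2834: supR3HardenedWinFindAdversaries: 0x22020
2b80.2834: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2b80.2834: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2b80.2834: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2b80.2834: *0000000000030000-0000000000030fff 0x0040/0x0040 0x0020000 !!
2b80.2834: NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
"""

# winnt.h values: any PAGE_EXECUTE* protection, and the MEM_PRIVATE region type.
PAGE_EXECUTE_ANY = 0x10 | 0x20 | 0x40 | 0x80
MEM_PRIVATE = 0x20000

# Small NTSTATUS table of my own (values from ntstatus.h); extend as needed.
NTSTATUS_NAMES = {
    0xC0000017: "STATUS_NO_MEMORY",
    0xC0000018: "STATUS_CONFLICTING_ADDRESSES",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Regexes fitted to the log lines above (assumed format), not taken from VirtualBox.
_DRIVER_RE = re.compile(r"Found driver (\S+) \(0x([0-9a-fA-F]+)\)")
_MASK_RE = re.compile(r"supR3HardenedWinFindAdversaries: 0x([0-9a-fA-F]+)")
_REGION_RE = re.compile(r"\*([0-9a-f]{16})-([0-9a-f]{16}) 0x([0-9a-f]+)/0x([0-9a-f]+) 0x([0-9a-f]+)( !!)?")
_ALLOC_FAIL_RE = re.compile(r"NtAllocateVirtualMemory \(([0-9a-f]+) LB 0x([0-9a-f]+)\) failed with rcNt=0x([0-9a-fA-F]+)")


def parse_adversaries(text: str) -> Tuple[Dict[str, int], Optional[int]]:
    """Map each 'Found driver' name to its flag value and return the mask the log reports."""
    drivers = {name: int(flag, 16) for name, flag in _DRIVER_RE.findall(text)}
    m = _MASK_RE.search(text)
    return drivers, (int(m.group(1), 16) if m else None)


def adversary_mask_consistent(drivers: Dict[str, int], reported: Optional[int]) -> bool:
    """True when OR-ing the per-driver flags reproduces the reported mask (0x20|0x2000|0x20000 here)."""
    combined = 0
    for flag in drivers.values():
        combined |= flag
    return reported is not None and combined == reported


def find_private_exec_regions(text: str) -> List[dict]:
    """Regions that are MEM_PRIVATE with an execute protection: what the scan marks with '!!'."""
    regions = []
    for start, end, prot, alloc_prot, mem_type, flagged in _REGION_RE.findall(text):
        prot_i, type_i = int(prot, 16), int(mem_type, 16)
        if type_i == MEM_PRIVATE and prot_i & PAGE_EXECUTE_ANY:
            regions.append({
                "start": int(start, 16),
                "end": int(end, 16),
                "protect": prot_i,
                "alloc_protect": int(alloc_prot, 16),
                "flagged_by_vbox": bool(flagged),
            })
    return regions


def parse_alloc_failure(text: str) -> Optional[dict]:
    """Decode the first NtAllocateVirtualMemory failure line, if any."""
    m = _ALLOC_FAIL_RE.search(text)
    if not m:
        return None
    status = int(m.group(3), 16)
    return {
        "address": int(m.group(1), 16),
        "size": int(m.group(2), 16),
        "status": status,
        "status_name": NTSTATUS_NAMES.get(status, "UNKNOWN"),
    }


def summarize(text: str) -> dict:
    """One dict with everything a triager wants from this part of the log."""
    drivers, mask = parse_adversaries(text)
    return {
        "drivers": drivers,
        "adversary_mask": mask,
        "mask_consistent": adversary_mask_consistent(drivers, mask),
        "private_exec_regions": find_private_exec_regions(text),
        "alloc_failure": parse_alloc_failure(text),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

Run it directly to print the summary as JSON. On this excerpt it confirms that 0x20, 0x2000 and 0x20000 OR to the reported mask 0x22020, reports a single private page at 0x30000 with protection 0x40 (PAGE_EXECUTE_READWRITE), which is the page supHardNtVpFreeOrReplacePrivateExecMemory freed and then could not re-allocate, and decodes rcNt=0xc0000018 as STATUS_CONFLICTING_ADDRESSES, the status NtAllocateVirtualMemory returns when the requested address range is no longer free to place the replacement page at.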
