```
eb4.237c: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
eb4.237c: \SystemRoot\System32\ntdll.dll:
eb4.237c: CreationTime: 2016-03-15T07:00:57.557312200Z
eb4.237c: LastWriteTime: 2016-02-11T18:52:52.157940400Z
eb4.237c: ChangeTime: 2016-03-17T04:55:11.918319000Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x1a73d8
eb4.237c: NT Headers: 0xe0
eb4.237c: Timestamp: 0x56bcd74c
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x56bcd74c
eb4.237c: Image Version: 6.1
eb4.237c: SizeOfImage: 0x1aa000 (1744896)
eb4.237c: Resource Dir: 0x14e000 LB 0x5a028
eb4.237c: ProductName: Microsoft® Windows® Operating System
eb4.237c: ProductVersion: 6.1.7601.19160
eb4.237c: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
eb4.237c: FileDescription: NT Layer DLL
eb4.237c: \SystemRoot\System32\kernel32.dll:
eb4.237c: CreationTime: 2016-03-15T07:00:57.458312200Z
eb4.237c: LastWriteTime: 2016-02-11T18:44:34.819000000Z
eb4.237c: ChangeTime: 2016-03-17T00:36:51.827533100Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x11c000
eb4.237c: NT Headers: 0xe8
eb4.237c: Timestamp: 0x56bcd73b
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x56bcd73b
eb4.237c: Image Version: 6.1
eb4.237c: SizeOfImage: 0x11f000 (1175552)
eb4.237c: Resource Dir: 0x116000 LB 0x528
eb4.237c: ProductName: Microsoft® Windows® Operating System
eb4.237c: ProductVersion: 6.1.7601.19160
eb4.237c: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
eb4.237c: FileDescription: Windows NT BASE API Client DLL
eb4.237c: \SystemRoot\System32\KernelBase.dll:
eb4.237c: CreationTime: 2016-03-15T07:00:58.494312200Z
eb4.237c: LastWriteTime: 2016-02-11T18:44:34.850000000Z
eb4.237c: ChangeTime: 2016-03-17T00:36:51.843533100Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x67200
eb4.237c: NT Headers: 0xe8
eb4.237c: Timestamp: 0x56bcd73c
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x56bcd73c
eb4.237c: Image Version: 6.1
eb4.237c: SizeOfImage: 0x6b000 (438272)
eb4.237c: Resource Dir: 0x69000 LB 0x530
eb4.237c: ProductName: Microsoft® Windows® Operating System
eb4.237c: ProductVersion: 6.1.7601.19160
eb4.237c: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
eb4.237c: FileDescription: Windows NT BASE API Client DLL
eb4.237c: \SystemRoot\System32\apisetschema.dll:
eb4.237c: CreationTime: 2016-03-15T07:01:00.001312200Z
eb4.237c: LastWriteTime: 2016-02-11T18:41:37.445000000Z
eb4.237c: ChangeTime: 2016-03-17T04:55:12.027519200Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x1a00
eb4.237c: NT Headers: 0xc0
eb4.237c: Timestamp: 0x56bcd628
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x56bcd628
eb4.237c: Image Version: 6.1
eb4.237c: SizeOfImage: 0x50000 (327680)
eb4.237c: Resource Dir: 0x30000 LB 0x3f8
eb4.237c: ProductName: Microsoft® Windows® Operating System
eb4.237c: ProductVersion: 6.1.7601.19160
eb4.237c: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
eb4.237c: FileDescription: ApiSet Schema DLL
eb4.237c: Found driver mfewfpk (0x20)
eb4.237c: Found driver mfehidk (0x20)
eb4.237c: Found driver mfeavfk (0x20)
eb4.237c: Found driver dgmaster (0x2000)
eb4.237c: Found driver mfeapfk (0x20)
eb4.237c: Found driver mfefirek (0x20)
eb4.237c: supR3HardenedWinFindAdversaries: 0x2020
eb4.237c: \SystemRoot\System32\drivers\mfeapfk.sys:
eb4.237c: CreationTime: 2014-10-24T16:02:15.367758600Z
eb4.237c: LastWriteTime: 2014-08-28T12:58:32.000000000Z
eb4.237c: ChangeTime: 2016-03-17T04:54:54.898689100Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x2c548
eb4.237c: NT Headers: 0xe0
eb4.237c: Timestamp: 0x53ee4b6e
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x53ee4b6e
eb4.237c: Image Version: 0.0
eb4.237c: SizeOfImage: 0x2a200 (172544)
eb4.237c: Resource Dir: 0x29a00 LB 0x340
eb4.237c: ProductName: SYSCORE
eb4.237c: FileVersion: SYSCORE.15.1.0.680
eb4.237c: PrivateBuild: SYSCORE.15.1.0.680 F16
eb4.237c: FileDescription: Access Protection Filter Driver
eb4.237c: \SystemRoot\System32\drivers\mfeavfk.sys:
eb4.237c: CreationTime: 2014-10-24T16:02:15.183758600Z
eb4.237c: LastWriteTime: 2014-08-28T13:00:14.000000000Z
eb4.237c: ChangeTime: 2016-03-17T05:48:21.146979900Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x4c948
eb4.237c: NT Headers: 0xe8
eb4.237c: Timestamp: 0x53ee4b7e
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x53ee4b7e
eb4.237c: Image Version: 0.0
eb4.237c: SizeOfImage: 0x4a300 (303872)
eb4.237c: Resource Dir: 0x49500 LB 0x718
eb4.237c: ProductName: SYSCORE
eb4.237c: FileVersion: SYSCORE.15.1.0.680
eb4.237c: PrivateBuild: SYSCORE.15.1.0.680 F15,F16,F19
eb4.237c: FileDescription: Anti-Virus File System Filter Driver
eb4.237c: \SystemRoot\System32\drivers\mfefirek.sys:
eb4.237c: CreationTime: 2014-10-24T16:28:03.932756900Z
eb4.237c: LastWriteTime: 2014-08-28T13:03:42.000000000Z
eb4.237c: ChangeTime: 2016-03-17T05:48:21.178179900Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x80810
eb4.237c: NT Headers: 0xe8
eb4.237c: Timestamp: 0x53ee4bce
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x53ee4bce
eb4.237c: Image Version: 0.0
eb4.237c: SizeOfImage: 0x7dd00 (515328)
eb4.237c: Resource Dir: 0x7b380 LB 0x350
eb4.237c: ProductName: SYSCORE
eb4.237c: FileVersion: SYSCORE.15.1.0.680
eb4.237c: PrivateBuild: SYSCORE.15.1.0.680 F17,F18
eb4.237c: FileDescription: McAfee Core Firewall Engine Driver
eb4.237c: \SystemRoot\System32\drivers\mfehidk.sys:
eb4.237c: CreationTime: 2014-10-24T16:02:14.427758600Z
eb4.237c: LastWriteTime: 2014-08-28T13:08:02.000000000Z
eb4.237c: ChangeTime: 2016-03-17T05:48:21.193779900Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0xbff78
eb4.237c: NT Headers: 0xf0
eb4.237c: Timestamp: 0x53ee4b36
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x53ee4b36
eb4.237c: Image Version: 0.0
eb4.237c: SizeOfImage: 0xbce80 (773760)
eb4.237c: Resource Dir: 0xba880 LB 0x348
eb4.237c: ProductName: SYSCORE
eb4.237c: FileVersion: SYSCORE.15.1.0.680
eb4.237c: PrivateBuild: SYSCORE.15.1.0.680 F14,F15,F16,F18,F20
eb4.237c: FileDescription: McAfee Link Driver
eb4.237c: \SystemRoot\System32\drivers\mfewfpk.sys:
eb4.237c: CreationTime: 2014-10-24T16:02:09.204758600Z
eb4.237c: LastWriteTime: 2014-08-28T13:17:38.000000000Z
eb4.237c: ChangeTime: 2016-03-17T03:52:46.469633100Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x55188
eb4.237c: NT Headers: 0xf8
eb4.237c: Timestamp: 0x53ee4b46
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x53ee4b46
eb4.237c: Image Version: 0.0
eb4.237c: SizeOfImage: 0x52a80 (338560)
eb4.237c: Resource Dir: 0x51f00 LB 0x348
eb4.237c: ProductName: SYSCORE
eb4.237c: FileVersion: SYSCORE.15.1.0.680
eb4.237c: PrivateBuild: SYSCORE.15.1.0.680 F17,F18
eb4.237c: FileDescription: Anti-Virus Mini-Firewall Driver
eb4.237c: \SystemRoot\System32\drivers\dgmaster.sys:
eb4.237c: CreationTime: 2014-10-24T16:29:07.261756900Z
eb4.237c: LastWriteTime: 2013-06-11T18:04:28.000000000Z
eb4.237c: ChangeTime: 2014-10-24T16:29:07.345756900Z
eb4.237c: FileAttributes: 0x20
eb4.237c: Size: 0x1556f0
eb4.237c: NT Headers: 0x108
eb4.237c: Timestamp: 0x51b766a9
eb4.237c: Machine: 0x8664 - amd64
eb4.237c: Timestamp: 0x51b766a9
eb4.237c: Image Version: 6.1
eb4.237c: SizeOfImage: 0x16a000 (1482752)
eb4.237c: Resource Dir: 0x12d000 LB 0x35f80
eb4.237c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
eb4.237c: Calling main()
eb4.237c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
eb4.237c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
eb4.237c: SUPR3HardenedMain: Respawn #1
eb4.237c: System32: \Device\HarddiskVolume1\Windows\System32
eb4.237c: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
eb4.237c: KnownDllPath: C:\Windows\system32
eb4.237c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
eb4.237c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
eb4.237c: supR3HardNtEnableThreadCreation:
eb4.237c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007714b170 pvNtTerminateThread=000000007716d8e0
eb4.237c: supR3HardenedWinDoReSpawn(1): New child e50.178c [kernel32].
eb4.237c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
eb4.237c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077120000 uNtDllChildAddr=0000000077120000
eb4.237c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007714b170
eb4.237c: supR3HardenedWinSetupChildInit: Start child.
eb4.237c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
eb4.237c: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 43 sleeps
eb4.237c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
eb4.237c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
eb4.237c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
eb4.237c: *0000000000030000-000000000002efff 0x0040/0x0040 0x0020000 !!
eb4.237c: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 0000000000030000 (LB 0x1000, 0000000000030000 LB 0x1000)
eb4.237c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000030000/0000000000030000 LB 0/0x1000]
eb4.237c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000030000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
eb4.237c: Error (rc=-5673):
eb4.237c: NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
eb4.237c: Error (rc=-5645):
eb4.237c: Too many virtual memory regions.

eb4.237c: Error (rc=-5673):
eb4.237c: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
eb4.237c: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
eb4.237c: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
eb4.237c: supR3HardNtEnableThreadCreation:
```