VirtualBox

Ticket #14383: VBoxStartup.log

File VBoxStartup.log, 383.9 KB (added by Ponof, 8 years ago)
78.183c: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000044 g_uNtVerCombined=0xa0280000
78.183c: \SystemRoot\System32\ntdll.dll:
78.183c: CreationTime: 2016-02-14T09:13:39.052060200Z
78.183c: LastWriteTime: 2016-01-31T06:24:08.504709500Z
78.183c: ChangeTime: 2016-02-15T18:56:30.861723300Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x1bd870
78.183c: NT Headers: 0xd8
78.183c: Timestamp: 0x56ad9704
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x56ad9704
78.183c: Image Version: 10.0
78.183c: SizeOfImage: 0x1c2000 (1843200)
78.183c: Resource Dir: 0x15b000 LB 0x65718
78.183c: ProductName: Microsoft® Windows® Operating System
78.183c: ProductVersion: 10.0.10240.16683
78.183c: FileVersion: 10.0.10240.16683 (th1.160130-1842)
78.183c: FileDescription: NT Layer DLL
78.183c: \SystemRoot\System32\kernel32.dll:
78.183c: CreationTime: 2015-07-10T10:59:59.699781600Z
78.183c: LastWriteTime: 2015-07-10T10:59:59.699781600Z
78.183c: ChangeTime: 2015-10-26T21:21:03.376459200Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0xab830
78.183c: NT Headers: 0xf0
78.183c: Timestamp: 0x559f38ad
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x559f38ad
78.183c: Image Version: 10.0
78.183c: SizeOfImage: 0xad000 (708608)
78.183c: Resource Dir: 0xab000 LB 0x518
78.183c: ProductName: Microsoft® Windows® Operating System
78.183c: ProductVersion: 10.0.10240.16384
78.183c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
78.183c: FileDescription: Windows NT BASE API Client DLL
78.183c: \SystemRoot\System32\KernelBase.dll:
78.183c: CreationTime: 2016-02-14T09:13:43.046683400Z
78.183c: LastWriteTime: 2016-01-31T06:25:52.401093100Z
78.183c: ChangeTime: 2016-02-15T18:56:30.486719700Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x1dc880
78.183c: NT Headers: 0xf0
78.183c: Timestamp: 0x56ad97a2
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x56ad97a2
78.183c: Image Version: 10.0
78.183c: SizeOfImage: 0x1dd000 (1953792)
78.183c: Resource Dir: 0x1c7000 LB 0x530
78.183c: ProductName: Microsoft® Windows® Operating System
78.183c: ProductVersion: 10.0.10240.16683
78.183c: FileVersion: 10.0.10240.16683 (th1.160130-1842)
78.183c: FileDescription: Windows NT BASE API Client DLL
78.183c: \SystemRoot\System32\apisetschema.dll:
78.183c: CreationTime: 2015-07-10T11:00:04.872098600Z
78.183c: LastWriteTime: 2015-07-10T11:00:04.872098600Z
78.183c: ChangeTime: 2015-09-04T22:44:05.965798400Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x16760
78.183c: NT Headers: 0xc8
78.183c: Timestamp: 0x559f3e3d
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x559f3e3d
78.183c: Image Version: 10.0
78.183c: SizeOfImage: 0x17000 (94208)
78.183c: Resource Dir: 0x16000 LB 0x3f0
78.183c: ProductName: Microsoft® Windows® Operating System
78.183c: ProductVersion: 10.0.10240.16384
78.183c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
78.183c: FileDescription: ApiSet Schema DLL
78.183c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
78.183c: supR3HardenedWinFindAdversaries: 0x4
78.183c: \SystemRoot\System32\drivers\aswHwid.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.708479200Z
78.183c: LastWriteTime: 2015-09-04T22:31:43.125021300Z
78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x6ff0
78.183c: NT Headers: 0xe8
78.183c: Timestamp: 0x55b66532
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x55b66532
78.183c: Image Version: 6.0
78.183c: SizeOfImage: 0xa000 (40960)
78.183c: Resource Dir: 0x8000 LB 0x398
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1172
78.183c: FileVersion: 10.3.2225.1172
78.183c: FileDescription: avast! HWID
78.183c: \SystemRoot\System32\drivers\aswMonFlt.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.708479200Z
78.183c: LastWriteTime: 2015-09-04T22:31:43.137032600Z
78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x16358
78.183c: NT Headers: 0xe8
78.183c: Timestamp: 0x55b66516
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x55b66516
78.183c: Image Version: 6.0
78.183c: SizeOfImage: 0x24000 (147456)
78.183c: Resource Dir: 0x22000 LB 0x3c0
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1172
78.183c: FileVersion: 10.3.2225.1172
78.183c: FileDescription: avast! File System Minifilter for Windows 2003/Vista
78.183c: \SystemRoot\System32\drivers\aswRdr2.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.704481000Z
78.183c: LastWriteTime: 2015-09-04T22:31:42.980946400Z
78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x16d58
78.183c: NT Headers: 0xf0
78.183c: Timestamp: 0x55b66550
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x55b66550
78.183c: Image Version: 6.1
78.183c: SizeOfImage: 0x1a000 (106496)
78.183c: Resource Dir: 0x18000 LB 0x3a8
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1172
78.183c: FileVersion: 10.3.2225.1172 built by: WinDDK
78.183c: FileDescription: avast! WFP Redirect Driver
78.183c: \SystemRoot\System32\drivers\aswRvrt.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.712479200Z
78.183c: LastWriteTime: 2015-09-04T22:31:43.145023400Z
78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0xfec8
78.183c: NT Headers: 0xf8
78.183c: Timestamp: 0x55b66505
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x55b66505
78.183c: Image Version: 6.0
78.183c: SizeOfImage: 0x13000 (77824)
78.183c: Resource Dir: 0x11000 LB 0x398
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1172
78.183c: FileVersion: 10.3.2225.1172
78.183c: FileDescription: avast! Revert
78.183c: \SystemRoot\System32\drivers\aswSnx.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.696478100Z
78.183c: LastWriteTime: 2015-11-12T10:31:56.443927500Z
78.183c: ChangeTime: 2015-11-12T10:31:56.443927500Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x102b48
78.183c: NT Headers: 0xe8
78.183c: Timestamp: 0x5631cc02
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x5631cc02
78.183c: Image Version: 6.0
78.183c: SizeOfImage: 0x106000 (1073152)
78.183c: Resource Dir: 0xfe000 LB 0x388
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1189
78.183c: FileVersion: 10.3.2225.1189
78.183c: FileDescription: avast! Virtualization Driver
78.183c: \SystemRoot\System32\drivers\aswsp.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z
78.183c: LastWriteTime: 2015-11-12T10:31:56.527020600Z
78.183c: ChangeTime: 2015-11-12T10:31:56.527020600Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x6ddc8
78.183c: NT Headers: 0x100
78.183c: Timestamp: 0x5631d051
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x5631d051
78.183c: Image Version: 6.0
78.183c: SizeOfImage: 0x75000 (479232)
78.183c: Resource Dir: 0x73000 LB 0x380
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1189
78.183c: FileVersion: 10.3.2225.1189
78.183c: FileDescription: avast! self protection module
78.183c: \SystemRoot\System32\drivers\aswStm.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z
78.183c: LastWriteTime: 2015-09-04T22:31:43.213027900Z
78.183c: ChangeTime: 2015-09-04T22:31:44.375306800Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x24c90
78.183c: NT Headers: 0x100
78.183c: Timestamp: 0x55b66c74
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x55b66c74
78.183c: Image Version: 6.2
78.183c: SizeOfImage: 0x27000 (159744)
78.183c: Resource Dir: 0x25000 LB 0x360
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1172
78.183c: FileVersion: 10.3.2225.1172
78.183c: FileDescription: Stream Filter
78.183c: \SystemRoot\System32\drivers\aswVmm.sys:
78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z
78.183c: LastWriteTime: 2015-09-04T22:31:43.181025600Z
78.183c: ChangeTime: 2015-09-04T22:31:44.375306800Z
78.183c: FileAttributes: 0x20
78.183c: Size: 0x43178
78.183c: NT Headers: 0xf8
78.183c: Timestamp: 0x55b66b89
78.183c: Machine: 0x8664 - amd64
78.183c: Timestamp: 0x55b66b89
78.183c: Image Version: 6.0
78.183c: SizeOfImage: 0x45000 (282624)
78.183c: Resource Dir: 0x42000 LB 0x3a0
78.183c: ProductName: Avast Antivirus
78.183c: ProductVersion: 10.3.2225.1172
78.183c: FileVersion: 10.3.2225.1172
78.183c: FileDescription: avast! VM Monitor
78.183c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
78.183c: Calling main()
78.183c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
78.183c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
78.183c: SUPR3HardenedMain: Respawn #1
78.183c: System32: \Device\HarddiskVolume4\Windows\System32
78.183c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
78.183c: KnownDllPath: C:\WINDOWS\system32
78.183c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
78.183c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
78.183c: supR3HardNtEnableThreadCreation:
78.183c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50
78.183c: supR3HardenedWinDoReSpawn(1): New child 1e20.c78 [kernel32].
78.183c: supR3HardNtChildGatherData: PebBaseAddress=00007ff658297000 cbPeb=0x388
78.183c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcdcc80000 uNtDllChildAddr=00007ffcdcc80000
78.183c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcdccebe60
78.183c: supR3HardenedWinSetupChildInit: Start child.
78.183c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
78.183c: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 60 sleeps
78.183c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
78.183c: *00007ffc5ce60000-00007ffc5ce5cfff 0x0040/0x0040 0x0020000 !!
78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffc5ce60000 (LB 0x3000, 00007ffc5ce60000 LB 0x3000)
78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffc5ce60000/00007ffc5ce60000 LB 0/0x3000]
78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffc5ce60000 LB 0x7fe20000 s=0x10000 ap=0x0 rp=0x00000000000001
78.183c: VirtualBox.exe: timestamp 0x55ccc4d5 (rc=VINF_SUCCESS)
78.183c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
78.183c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
78.183c: ntdll.dll: Differences in section #1 (.text) between file and memory:
78.183c: Restored 0x2000 bytes of original file content at 00007ffcdcd11e6e
78.183c: ntdll.dll: Differences in section #1 (.text) between file and memory:
78.183c: Restored 0x2000 bytes of original file content at 00007ffcdcd13e6e
78.183c: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x4
78.183c: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 60 sleeps
78.183c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
78.183c: supR3HardNtChildPurify: Done after 1123 ms and 3 fixes (loop #1).
1e20.c78: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0280000
1e20.c78: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcdcc80000
1e20.c78: ntdll.dll: timestamp 0x56ad9704 (rc=VINF_SUCCESS)
78.183c: supR3HardNtEnableThreadCreation:
1e20.c78: New simple heap: #1 0000000000860000 LB 0x400000 (for 1843200 allocation)
1e20.c78: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1e20.c78: System32: \Device\HarddiskVolume4\Windows\System32
1e20.c78: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1e20.c78: KnownDllPath: C:\WINDOWS\system32
1e20.c78: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1e20.c78: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1e20.c78: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1e20.c78: Registered Dll notification callback with NTDLL.
1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1e20.c78: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1e20.c78: supR3HardenedDllNotificationCallback: load 00007ffcda0c0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1e20.c78: supR3HardenedDllNotificationCallback: load 00007ffcdc870000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
1e20.c78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e20.c78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdc870000 'C:\WINDOWS\system32\KERNEL32.DLL'
1e20.c78: supR3HardenedDllNotificationCallback: load 00007ff658710000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1e20.c78: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50
78.183c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 119 ms.
1e20.c78: \SystemRoot\System32\ntdll.dll:
1e20.c78: CreationTime: 2016-02-14T09:13:39.052060200Z
1e20.c78: LastWriteTime: 2016-01-31T06:24:08.504709500Z
1e20.c78: ChangeTime: 2016-02-15T18:56:30.861723300Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x1bd870
1e20.c78: NT Headers: 0xd8
1e20.c78: Timestamp: 0x56ad9704
5821e20.c78: Machine: 0x8664 - amd64
5831e20.c78: Timestamp: 0x56ad9704
5841e20.c78: Image Version: 10.0
5851e20.c78: SizeOfImage: 0x1c2000 (1843200)
5861e20.c78: Resource Dir: 0x15b000 LB 0x65718
5871e20.c78: ProductName: Microsoft® Windows® Operating System
5881e20.c78: ProductVersion: 10.0.10240.16683
5891e20.c78: FileVersion: 10.0.10240.16683 (th1.160130-1842)
5901e20.c78: FileDescription: NT Layer DLL
5911e20.c78: \SystemRoot\System32\kernel32.dll:
5921e20.c78: CreationTime: 2015-07-10T10:59:59.699781600Z
5931e20.c78: LastWriteTime: 2015-07-10T10:59:59.699781600Z
5941e20.c78: ChangeTime: 2015-10-26T21:21:03.376459200Z
5951e20.c78: FileAttributes: 0x20
5961e20.c78: Size: 0xab830
5971e20.c78: NT Headers: 0xf0
5981e20.c78: Timestamp: 0x559f38ad
5991e20.c78: Machine: 0x8664 - amd64
6001e20.c78: Timestamp: 0x559f38ad
6011e20.c78: Image Version: 10.0
6021e20.c78: SizeOfImage: 0xad000 (708608)
6031e20.c78: Resource Dir: 0xab000 LB 0x518
6041e20.c78: ProductName: Microsoft® Windows® Operating System
6051e20.c78: ProductVersion: 10.0.10240.16384
6061e20.c78: FileVersion: 10.0.10240.16384 (th1.150709-1700)
6071e20.c78: FileDescription: Windows NT BASE API Client DLL
6081e20.c78: \SystemRoot\System32\KernelBase.dll:
6091e20.c78: CreationTime: 2016-02-14T09:13:43.046683400Z
6101e20.c78: LastWriteTime: 2016-01-31T06:25:52.401093100Z
6111e20.c78: ChangeTime: 2016-02-15T18:56:30.486719700Z
6121e20.c78: FileAttributes: 0x20
6131e20.c78: Size: 0x1dc880
6141e20.c78: NT Headers: 0xf0
6151e20.c78: Timestamp: 0x56ad97a2
6161e20.c78: Machine: 0x8664 - amd64
6171e20.c78: Timestamp: 0x56ad97a2
6181e20.c78: Image Version: 10.0
6191e20.c78: SizeOfImage: 0x1dd000 (1953792)
6201e20.c78: Resource Dir: 0x1c7000 LB 0x530
6211e20.c78: ProductName: Microsoft® Windows® Operating System
6221e20.c78: ProductVersion: 10.0.10240.16683
6231e20.c78: FileVersion: 10.0.10240.16683 (th1.160130-1842)
6241e20.c78: FileDescription: Windows NT BASE API Client DLL
6251e20.c78: \SystemRoot\System32\apisetschema.dll:
6261e20.c78: CreationTime: 2015-07-10T11:00:04.872098600Z
6271e20.c78: LastWriteTime: 2015-07-10T11:00:04.872098600Z
6281e20.c78: ChangeTime: 2015-09-04T22:44:05.965798400Z
6291e20.c78: FileAttributes: 0x20
6301e20.c78: Size: 0x16760
6311e20.c78: NT Headers: 0xc8
6321e20.c78: Timestamp: 0x559f3e3d
6331e20.c78: Machine: 0x8664 - amd64
6341e20.c78: Timestamp: 0x559f3e3d
6351e20.c78: Image Version: 10.0
6361e20.c78: SizeOfImage: 0x17000 (94208)
6371e20.c78: Resource Dir: 0x16000 LB 0x3f0
6381e20.c78: ProductName: Microsoft® Windows® Operating System
6391e20.c78: ProductVersion: 10.0.10240.16384
6401e20.c78: FileVersion: 10.0.10240.16384 (th1.150709-1700)
6411e20.c78: FileDescription: ApiSet Schema DLL
6421e20.c78: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6431e20.c78: supR3HardenedWinFindAdversaries: 0x4
6441e20.c78: \SystemRoot\System32\drivers\aswHwid.sys:
6451e20.c78: CreationTime: 2015-09-04T22:31:44.708479200Z
6461e20.c78: LastWriteTime: 2015-09-04T22:31:43.125021300Z
6471e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
6481e20.c78: FileAttributes: 0x20
6491e20.c78: Size: 0x6ff0
6501e20.c78: NT Headers: 0xe8
6511e20.c78: Timestamp: 0x55b66532
6521e20.c78: Machine: 0x8664 - amd64
6531e20.c78: Timestamp: 0x55b66532
6541e20.c78: Image Version: 6.0
6551e20.c78: SizeOfImage: 0xa000 (40960)
6561e20.c78: Resource Dir: 0x8000 LB 0x398
6571e20.c78: ProductName: Avast Antivirus
6581e20.c78: ProductVersion: 10.3.2225.1172
6591e20.c78: FileVersion: 10.3.2225.1172
6601e20.c78: FileDescription: avast! HWID
6611e20.c78: \SystemRoot\System32\drivers\aswMonFlt.sys:
6621e20.c78: CreationTime: 2015-09-04T22:31:44.708479200Z
6631e20.c78: LastWriteTime: 2015-09-04T22:31:43.137032600Z
6641e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
6651e20.c78: FileAttributes: 0x20
6661e20.c78: Size: 0x16358
6671e20.c78: NT Headers: 0xe8
6681e20.c78: Timestamp: 0x55b66516
6691e20.c78: Machine: 0x8664 - amd64
6701e20.c78: Timestamp: 0x55b66516
6711e20.c78: Image Version: 6.0
6721e20.c78: SizeOfImage: 0x24000 (147456)
6731e20.c78: Resource Dir: 0x22000 LB 0x3c0
6741e20.c78: ProductName: Avast Antivirus
6751e20.c78: ProductVersion: 10.3.2225.1172
6761e20.c78: FileVersion: 10.3.2225.1172
6771e20.c78: FileDescription: avast! File System Minifilter for Windows 2003/Vista
6781e20.c78: \SystemRoot\System32\drivers\aswRdr2.sys:
6791e20.c78: CreationTime: 2015-09-04T22:31:44.704481000Z
6801e20.c78: LastWriteTime: 2015-09-04T22:31:42.980946400Z
6811e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
6821e20.c78: FileAttributes: 0x20
6831e20.c78: Size: 0x16d58
6841e20.c78: NT Headers: 0xf0
6851e20.c78: Timestamp: 0x55b66550
6861e20.c78: Machine: 0x8664 - amd64
6871e20.c78: Timestamp: 0x55b66550
6881e20.c78: Image Version: 6.1
6891e20.c78: SizeOfImage: 0x1a000 (106496)
6901e20.c78: Resource Dir: 0x18000 LB 0x3a8
6911e20.c78: ProductName: Avast Antivirus
6921e20.c78: ProductVersion: 10.3.2225.1172
6931e20.c78: FileVersion: 10.3.2225.1172 built by: WinDDK
6941e20.c78: FileDescription: avast! WFP Redirect Driver
6951e20.c78: \SystemRoot\System32\drivers\aswRvrt.sys:
6961e20.c78: CreationTime: 2015-09-04T22:31:44.712479200Z
6971e20.c78: LastWriteTime: 2015-09-04T22:31:43.145023400Z
6981e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
6991e20.c78: FileAttributes: 0x20
7001e20.c78: Size: 0xfec8
7011e20.c78: NT Headers: 0xf8
7021e20.c78: Timestamp: 0x55b66505
7031e20.c78: Machine: 0x8664 - amd64
7041e20.c78: Timestamp: 0x55b66505
7051e20.c78: Image Version: 6.0
7061e20.c78: SizeOfImage: 0x13000 (77824)
7071e20.c78: Resource Dir: 0x11000 LB 0x398
7081e20.c78: ProductName: Avast Antivirus
7091e20.c78: ProductVersion: 10.3.2225.1172
7101e20.c78: FileVersion: 10.3.2225.1172
7111e20.c78: FileDescription: avast! Revert
7121e20.c78: \SystemRoot\System32\drivers\aswSnx.sys:
7131e20.c78: CreationTime: 2015-09-04T22:31:44.696478100Z
7141e20.c78: LastWriteTime: 2015-11-12T10:31:56.443927500Z
7151e20.c78: ChangeTime: 2015-11-12T10:31:56.443927500Z
7161e20.c78: FileAttributes: 0x20
7171e20.c78: Size: 0x102b48
7181e20.c78: NT Headers: 0xe8
7191e20.c78: Timestamp: 0x5631cc02
7201e20.c78: Machine: 0x8664 - amd64
7211e20.c78: Timestamp: 0x5631cc02
7221e20.c78: Image Version: 6.0
7231e20.c78: SizeOfImage: 0x106000 (1073152)
7241e20.c78: Resource Dir: 0xfe000 LB 0x388
7251e20.c78: ProductName: Avast Antivirus
7261e20.c78: ProductVersion: 10.3.2225.1189
7271e20.c78: FileVersion: 10.3.2225.1189
7281e20.c78: FileDescription: avast! Virtualization Driver
7291e20.c78: \SystemRoot\System32\drivers\aswsp.sys:
7301e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
7311e20.c78: LastWriteTime: 2015-11-12T10:31:56.527020600Z
7321e20.c78: ChangeTime: 2015-11-12T10:31:56.527020600Z
7331e20.c78: FileAttributes: 0x20
7341e20.c78: Size: 0x6ddc8
7351e20.c78: NT Headers: 0x100
7361e20.c78: Timestamp: 0x5631d051
7371e20.c78: Machine: 0x8664 - amd64
7381e20.c78: Timestamp: 0x5631d051
7391e20.c78: Image Version: 6.0
7401e20.c78: SizeOfImage: 0x75000 (479232)
7411e20.c78: Resource Dir: 0x73000 LB 0x380
7421e20.c78: ProductName: Avast Antivirus
7431e20.c78: ProductVersion: 10.3.2225.1189
7441e20.c78: FileVersion: 10.3.2225.1189
7451e20.c78: FileDescription: avast! self protection module
7461e20.c78: \SystemRoot\System32\drivers\aswStm.sys:
7471e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
7481e20.c78: LastWriteTime: 2015-09-04T22:31:43.213027900Z
7491e20.c78: ChangeTime: 2015-09-04T22:31:44.375306800Z
7501e20.c78: FileAttributes: 0x20
7511e20.c78: Size: 0x24c90
7521e20.c78: NT Headers: 0x100
7531e20.c78: Timestamp: 0x55b66c74
7541e20.c78: Machine: 0x8664 - amd64
7551e20.c78: Timestamp: 0x55b66c74
7561e20.c78: Image Version: 6.2
7571e20.c78: SizeOfImage: 0x27000 (159744)
7581e20.c78: Resource Dir: 0x25000 LB 0x360
7591e20.c78: ProductName: Avast Antivirus
7601e20.c78: ProductVersion: 10.3.2225.1172
7611e20.c78: FileVersion: 10.3.2225.1172
7621e20.c78: FileDescription: Stream Filter
7631e20.c78: \SystemRoot\System32\drivers\aswVmm.sys:
7641e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
7651e20.c78: LastWriteTime: 2015-09-04T22:31:43.181025600Z
7661e20.c78: ChangeTime: 2015-09-04T22:31:44.375306800Z
7671e20.c78: FileAttributes: 0x20
7681e20.c78: Size: 0x43178
7691e20.c78: NT Headers: 0xf8
7701e20.c78: Timestamp: 0x55b66b89
7711e20.c78: Machine: 0x8664 - amd64
7721e20.c78: Timestamp: 0x55b66b89
7731e20.c78: Image Version: 6.0
7741e20.c78: SizeOfImage: 0x45000 (282624)
7751e20.c78: Resource Dir: 0x42000 LB 0x3a0
7761e20.c78: ProductName: Avast Antivirus
7771e20.c78: ProductVersion: 10.3.2225.1172
7781e20.c78: FileVersion: 10.3.2225.1172
7791e20.c78: FileDescription: avast! VM Monitor
7801e20.c78: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7811e20.c78: Calling main()
7821e20.c78: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7831e20.c78: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7841e20.c78: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7851e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7861e20.c78: SUPR3HardenedMain: Respawn #2
7871e20.c78: supR3HardNtEnableThreadCreation:
7881e20.c78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50
7891e20.c78: supR3HardenedWinDoReSpawn(2): New child 1e48.1e34 [kernel32].
7901e20.c78: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
7911e20.c78: supR3HardNtChildGatherData: PebBaseAddress=00007ff658637000 cbPeb=0x388
7921e20.c78: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcdcc80000 uNtDllChildAddr=00007ffcdcc80000
7931e20.c78: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcdccebe60
7941e20.c78: supR3HardenedWinSetupChildInit: Start child.
7951e20.c78: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
7961e20.c78: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 61 sleeps
7971e20.c78: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7981e20.c78: *0000000000000000-ffffffffff32ffff 0x0001/0x0000 0x0000000
7991e20.c78: *0000000000cd0000-0000000000caffff 0x0004/0x0004 0x0020000
8001e20.c78: *0000000000cf0000-0000000000cdbfff 0x0002/0x0002 0x0040000
8011e20.c78: 0000000000d04000-0000000000cf7fff 0x0001/0x0000 0x0000000
8021e20.c78: *0000000000d10000-0000000000c13fff 0x0000/0x0004 0x0020000
8031e20.c78: 0000000000e0c000-0000000000e08fff 0x0104/0x0004 0x0020000
8041e20.c78: 0000000000e0f000-0000000000e0dfff 0x0004/0x0004 0x0020000
8051e20.c78: *0000000000e10000-0000000000e0bfff 0x0002/0x0002 0x0040000
8061e20.c78: 0000000000e14000-0000000000e07fff 0x0001/0x0000 0x0000000
8071e20.c78: *0000000000e20000-0000000000e1dfff 0x0004/0x0004 0x0020000
8081e20.c78: 0000000000e22000-ffffffff81c63fff 0x0001/0x0000 0x0000000
8091e20.c78: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
8101e20.c78: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
8111e20.c78: 000000007fff0000-ffff800aa79cffff 0x0001/0x0000 0x0000000
8121e20.c78: *00007ff658610000-00007ff6585ecfff 0x0002/0x0002 0x0040000
8131e20.c78: 00007ff658633000-00007ff65862efff 0x0001/0x0000 0x0000000
8141e20.c78: *00007ff658637000-00007ff658635fff 0x0004/0x0004 0x0020000
8151e20.c78: 00007ff658638000-00007ff658631fff 0x0001/0x0000 0x0000000
8161e20.c78: *00007ff65863e000-00007ff65863bfff 0x0004/0x0004 0x0020000
8171e20.c78: 00007ff658640000-00007ff65856ffff 0x0001/0x0000 0x0000000
8181e20.c78: *00007ff658710000-00007ff658710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8191e20.c78: 00007ff658711000-00007ff658796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8201e20.c78: 00007ff658797000-00007ff658797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8211e20.c78: 00007ff658798000-00007ff6587e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8221e20.c78: 00007ff6587e2000-00007ff6587e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8231e20.c78: 00007ff6587e3000-00007ff6587e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8241e20.c78: 00007ff6587e4000-00007ff6587e5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8251e20.c78: 00007ff6587e6000-00007ff6587e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8261e20.c78: 00007ff6587e7000-00007ff6587e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8271e20.c78: 00007ff6587e8000-00007ff6587ebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8281e20.c78: 00007ff6587ec000-00007ff658835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8291e20.c78: 00007ff658836000-00007ff05420bfff 0x0001/0x0000 0x0000000
8301e20.c78: *00007ffc5ce60000-00007ffc5ce5cfff 0x0040/0x0040 0x0020000 !!
8311e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffc5ce60000 (LB 0x3000, 00007ffc5ce60000 LB 0x3000)
8321e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffc5ce60000/00007ffc5ce60000 LB 0/0x3000]
8331e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffc5ce60000 LB 0x7fe20000 s=0x10000 ap=0x0 rp=0x00000000000001