VirtualBox

Ticket #15236: VBoxHardening.log

File VBoxHardening.log, 53.6 KB (added by Drake, 9 years ago)
9974.94c0: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000238 g_uNtVerCombined=0x63258000
9974.94c0: \SystemRoot\System32\ntdll.dll:
9974.94c0: CreationTime: 2015-12-13T13:29:03.797225700Z
9974.94c0: LastWriteTime: 2015-12-13T13:29:03.816235700Z
9974.94c0: ChangeTime: 2015-12-13T14:16:49.586389800Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x1a7958
9974.94c0: NT Headers: 0xd8
9974.94c0: Timestamp: 0x5650b9bb
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x5650b9bb
9974.94c0: Image Version: 6.3
9974.94c0: SizeOfImage: 0x1ac000 (1753088)
9974.94c0: Resource Dir: 0x148000 LB 0x62450
9974.94c0: ProductName: Microsoft® Windows® Operating System
9974.94c0: ProductVersion: 6.3.9600.18146
9974.94c0: FileVersion: 6.3.9600.18146 (winblue_ltsb.151121-0600)
9974.94c0: FileDescription: NT Layer DLL
9974.94c0: \SystemRoot\System32\kernel32.dll:
9974.94c0: CreationTime: 2015-03-14T20:24:53.660703000Z
9974.94c0: LastWriteTime: 2015-03-14T20:24:53.675711600Z
9974.94c0: ChangeTime: 2015-12-13T14:17:30.550710900Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x13fc30
9974.94c0: NT Headers: 0xf8
9974.94c0: Timestamp: 0x545054ca
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x545054ca
9974.94c0: Image Version: 6.3
9974.94c0: SizeOfImage: 0x13e000 (1302528)
9974.94c0: Resource Dir: 0x12e000 LB 0x518
9974.94c0: ProductName: Microsoft® Windows® Operating System
9974.94c0: ProductVersion: 6.3.9600.17415
9974.94c0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
9974.94c0: FileDescription: Windows NT BASE API Client DLL
9974.94c0: \SystemRoot\System32\KernelBase.dll:
9974.94c0: CreationTime: 2015-03-14T20:25:09.010491400Z
9974.94c0: LastWriteTime: 2015-03-14T20:25:09.027501400Z
9974.94c0: ChangeTime: 2015-12-13T14:17:30.872262900Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x114a90
9974.94c0: NT Headers: 0xf0
9974.94c0: Timestamp: 0x54505737
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x54505737
9974.94c0: Image Version: 6.3
9974.94c0: SizeOfImage: 0x115000 (1134592)
9974.94c0: Resource Dir: 0x110000 LB 0x3528
9974.94c0: ProductName: Microsoft® Windows® Operating System
9974.94c0: ProductVersion: 6.3.9600.17415
9974.94c0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
9974.94c0: FileDescription: Windows NT BASE API Client DLL
9974.94c0: \SystemRoot\System32\apisetschema.dll:
9974.94c0: CreationTime: 2013-08-22T12:13:09.745625900Z
9974.94c0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
9974.94c0: ChangeTime: 2014-04-14T23:08:56.536511300Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x11360
9974.94c0: NT Headers: 0xd0
9974.94c0: Timestamp: 0x52160049
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x52160049
9974.94c0: Image Version: 6.3
9974.94c0: SizeOfImage: 0x13000 (77824)
9974.94c0: Resource Dir: 0x11000 LB 0x3f8
9974.94c0: ProductName: Microsoft® Windows® Operating System
9974.94c0: ProductVersion: 6.3.9600.16384
9974.94c0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
9974.94c0: FileDescription: ApiSet Schema DLL
9974.94c0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
9974.94c0: supR3HardenedWinFindAdversaries: 0x880
9974.94c0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
9974.94c0: CreationTime: 2014-04-14T02:00:54.365714500Z
9974.94c0: LastWriteTime: 2016-03-11T11:35:07.512306600Z
9974.94c0: ChangeTime: 2016-03-11T11:35:07.512306600Z
9974.94c0: FileAttributes: 0x2020
9974.94c0: Size: 0x2eed8
9974.94c0: NT Headers: 0xe0
9974.94c0: Timestamp: 0x55b855d9
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55b855d9
9974.94c0: Image Version: 6.1
9974.94c0: SizeOfImage: 0x33000 (208896)
9974.94c0: Resource Dir: 0x31000 LB 0x3b8
9974.94c0: ProductName: Malwarebytes Anti-Malware
9974.94c0: ProductVersion: 0.3.0.0
9974.94c0: FileVersion: 0.3.0.0
9974.94c0: FileDescription: Malwarebytes Anti-Malware
9974.94c0: \SystemRoot\System32\drivers\mwac.sys:
9974.94c0: CreationTime: 2014-04-14T01:59:19.936766400Z
9974.94c0: LastWriteTime: 2015-10-13T21:47:21.646896700Z
9974.94c0: ChangeTime: 2015-10-13T21:47:21.646896700Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0xfad8
9974.94c0: NT Headers: 0xe0
9974.94c0: Timestamp: 0x53a0f444
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x53a0f444
9974.94c0: Image Version: 6.2
9974.94c0: SizeOfImage: 0x13000 (77824)
9974.94c0: Resource Dir: 0x11000 LB 0x3e0
9974.94c0: ProductName: Malwarebytes Web Access Control
9974.94c0: ProductVersion: 1.0.6.0
9974.94c0: FileVersion: 1.0.6.0
9974.94c0: FileDescription: Malwarebytes Web Access Control
9974.94c0: \SystemRoot\System32\drivers\mbamchameleon.sys:
9974.94c0: CreationTime: 2014-04-14T01:59:19.936766400Z
9974.94c0: LastWriteTime: 2015-10-13T21:47:21.751957800Z
9974.94c0: ChangeTime: 2015-10-13T21:47:21.751957800Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x1aad8
9974.94c0: NT Headers: 0xd8
9974.94c0: Timestamp: 0x55c103c3
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55c103c3
9974.94c0: Image Version: 6.1
9974.94c0: SizeOfImage: 0x1e000 (122880)
9974.94c0: Resource Dir: 0x1c000 LB 0xba8
9974.94c0: ProductName: Malwarebytes Chameleon
9974.94c0: ProductVersion: 1.1.21.0
9974.94c0: FileVersion: 1.1.21.0
9974.94c0: FileDescription: Malwarebytes Chameleon Protection Driver
9974.94c0: \SystemRoot\System32\drivers\mbam.sys:
9974.94c0: CreationTime: 2014-04-14T01:59:19.921141100Z
9974.94c0: LastWriteTime: 2015-10-13T21:47:21.624886700Z
9974.94c0: ChangeTime: 2015-10-13T21:47:21.624886700Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x64d8
9974.94c0: NT Headers: 0xd8
9974.94c0: Timestamp: 0x55ca3257
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55ca3257
9974.94c0: Image Version: 6.1
9974.94c0: SizeOfImage: 0xa000 (40960)
9974.94c0: Resource Dir: 0x8000 LB 0x3a0
9974.94c0: ProductName: Malwarebytes Anti-Malware
9974.94c0: ProductVersion: 0.1.16.0
9974.94c0: FileVersion: 0.1.16.0
9974.94c0: FileDescription: Malwarebytes Anti-Malware
9974.94c0: \SystemRoot\System32\drivers\cmdguard.sys:
9974.94c0: CreationTime: 2014-03-26T03:22:54.000000000Z
9974.94c0: LastWriteTime: 2015-11-18T17:14:52.838600000Z
9974.94c0: ChangeTime: 2015-11-20T18:52:47.879818700Z
9974.94c0: FileAttributes: 0x2020
9974.94c0: Size: 0xca2f0
9974.94c0: NT Headers: 0xe0
9974.94c0: Timestamp: 0x564cabab
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x564cabab
9974.94c0: Image Version: 6.2
9974.94c0: SizeOfImage: 0xd6000 (876544)
9974.94c0: Resource Dir: 0xd3000 LB 0x3c8
9974.94c0: ProductName: COMODO Internet Security Sandbox Driver
9974.94c0: ProductVersion: 8, 2, 0, 4789
9974.94c0: FileVersion: 8, 2, 0, 4789
9974.94c0: FileDescription: COMODO Internet Security Sandbox Driver
9974.94c0: \SystemRoot\System32\drivers\cmderd.sys:
9974.94c0: CreationTime: 2014-03-26T03:22:54.000000000Z
9974.94c0: LastWriteTime: 2015-11-18T17:14:49.827800000Z
9974.94c0: ChangeTime: 2015-11-20T18:52:48.468156100Z
9974.94c0: FileAttributes: 0x2020
9974.94c0: Size: 0x54d8
9974.94c0: NT Headers: 0xd0
9974.94c0: Timestamp: 0x564cab95
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x564cab95
9974.94c0: Image Version: 6.2
9974.94c0: SizeOfImage: 0xa000 (40960)
9974.94c0: Resource Dir: 0x8000 LB 0x3d0
9974.94c0: ProductName: COMODO Internet Security Eradication Driver
9974.94c0: ProductVersion: 8, 2, 0, 4789
9974.94c0: FileVersion: 8, 2, 0, 4789
9974.94c0: FileDescription: COMODO Internet Security Eradication Driver
9974.94c0: \SystemRoot\System32\drivers\inspect.sys:
9974.94c0: CreationTime: 2014-03-26T03:22:56.000000000Z
9974.94c0: LastWriteTime: 2015-08-05T00:31:51.095200000Z
9974.94c0: ChangeTime: 2015-08-07T11:55:20.860859700Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x1f100
9974.94c0: NT Headers: 0xd8
9974.94c0: Timestamp: 0x55c148ef
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55c148ef
9974.94c0: Image Version: 6.2
9974.94c0: SizeOfImage: 0x22000 (139264)
9974.94c0: Resource Dir: 0x20000 LB 0x3c8
9974.94c0: ProductName: COMODO Internet Security Firewall Driver
9974.94c0: ProductVersion: 8, 2, 0, 4674
9974.94c0: FileVersion: 8, 2, 0, 4674
9974.94c0: FileDescription: COMODO Internet Security Firewall Driver
9974.94c0: \SystemRoot\System32\drivers\cmdhlp.sys:
9974.94c0: CreationTime: 2014-03-26T03:22:56.000000000Z
9974.94c0: LastWriteTime: 2015-08-05T00:31:48.115600000Z
9974.94c0: ChangeTime: 2015-08-07T11:55:19.985357700Z
9974.94c0: FileAttributes: 0x2020
9974.94c0: Size: 0x88f0
9974.94c0: NT Headers: 0xd8
9974.94c0: Timestamp: 0x55c148f4
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55c148f4
9974.94c0: Image Version: 6.2
9974.94c0: SizeOfImage: 0xc000 (49152)
9974.94c0: Resource Dir: 0xa000 LB 0x3c0
9974.94c0: ProductName: COMODO Internet Security Helper Driver
9974.94c0: ProductVersion: 8, 2, 0, 4674
9974.94c0: FileVersion: 8, 2, 0, 4674
9974.94c0: FileDescription: COMODO Internet Security Helper Driver
9974.94c0: \SystemRoot\System32\guard64.dll:
9974.94c0: CreationTime: 2014-03-26T03:22:36.000000000Z
9974.94c0: LastWriteTime: 2015-09-03T11:52:00.103200000Z
9974.94c0: ChangeTime: 2015-09-07T17:46:58.439561400Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0x8d750
9974.94c0: NT Headers: 0x118
9974.94c0: Timestamp: 0x55e818af
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55e818af
9974.94c0: Image Version: 0.0
9974.94c0: SizeOfImage: 0x96000 (614400)
9974.94c0: Resource Dir: 0x93000 LB 0xd80
9974.94c0: ProductName: COMODO Internet Security
9974.94c0: ProductVersion: 8, 2, 0, 4703
9974.94c0: FileVersion: 8, 2, 0, 4703
9974.94c0: FileDescription: COMODO Internet Security
9974.94c0: \SystemRoot\System32\cmdvrt64.dll:
9974.94c0: CreationTime: 2014-03-26T03:22:30.000000000Z
9974.94c0: LastWriteTime: 2015-08-05T00:28:50.806000000Z
9974.94c0: ChangeTime: 2015-08-07T11:55:24.608002500Z
9974.94c0: FileAttributes: 0x2020
9974.94c0: Size: 0x576c0
9974.94c0: NT Headers: 0x100
9974.94c0: Timestamp: 0x55c1491b
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55c1491b
9974.94c0: Image Version: 0.0
9974.94c0: SizeOfImage: 0x5d000 (380928)
9974.94c0: Resource Dir: 0x5b000 LB 0x5ac
9974.94c0: ProductName: COMODO Internet Security
9974.94c0: ProductVersion: 8, 2, 0, 4674
9974.94c0: FileVersion: 8, 2, 0, 4674
9974.94c0: FileDescription: COMODO Internet Security
9974.94c0: \SystemRoot\System32\cmdkbd64.dll:
9974.94c0: CreationTime: 2014-03-26T03:22:30.000000000Z
9974.94c0: LastWriteTime: 2015-08-05T00:28:20.760400000Z
9974.94c0: ChangeTime: 2015-08-07T11:55:25.549541300Z
9974.94c0: FileAttributes: 0x2020
9974.94c0: Size: 0xb2c0
9974.94c0: NT Headers: 0xe8
9974.94c0: Timestamp: 0x55c14914
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55c14914
9974.94c0: Image Version: 0.0
9974.94c0: SizeOfImage: 0xf000 (61440)
9974.94c0: Resource Dir: 0xd000 LB 0x5ac
9974.94c0: ProductName: COMODO Internet Security
9974.94c0: ProductVersion: 8, 2, 0, 4674
9974.94c0: FileVersion: 8, 2, 0, 4674
9974.94c0: FileDescription: COMODO Internet Security
9974.94c0: \SystemRoot\System32\cmdcsr.dll:
9974.94c0: CreationTime: 2014-03-26T03:22:38.000000000Z
9974.94c0: LastWriteTime: 2015-08-05T00:29:56.903200000Z
9974.94c0: ChangeTime: 2015-08-07T11:55:25.881731700Z
9974.94c0: FileAttributes: 0x20
9974.94c0: Size: 0xa108
9974.94c0: NT Headers: 0xd8
9974.94c0: Timestamp: 0x55c14910
9974.94c0: Machine: 0x8664 - amd64
9974.94c0: Timestamp: 0x55c14910
9974.94c0: Image Version: 0.0
9974.94c0: SizeOfImage: 0xc000 (49152)
9974.94c0: Resource Dir: 0xa000 LB 0x4a8
9974.94c0: ProductName: COMODO Internet Security
9974.94c0: ProductVersion: 8, 2, 0, 4674
9974.94c0: FileVersion: 8, 2, 0, 4674
9974.94c0: FileDescription: COMODO Internet Security
9974.94c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9974.94c0: Calling main()
9974.94c0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
9974.94c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9974.94c0: SUPR3HardenedMain: Respawn #1
9974.94c0: System32: \Device\HarddiskVolume2\Windows\System32
9974.94c0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
9974.94c0: KnownDllPath: C:\WINDOWS\system32
9974.94c0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
9974.94c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
9974.94c0: supR3HardNtEnableThreadCreation:
9974.94c0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9a228bf0 pvNtTerminateThread=00007ffa9a2a1350
9974.94c0: supR3HardenedWinDoReSpawn(1): New child 9b9c.9ba0 [kernel32].
9974.94c0: supR3HardNtChildGatherData: PebBaseAddress=00007ff6c673e000 cbPeb=0x388
9974.94c0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9a210000 uNtDllChildAddr=00007ffa9a210000
9974.94c0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9a228bf0
9974.94c0: supR3HardenedWinSetupChildInit: Start child.
9974.94c0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9974.94c0: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 58 sleeps
9974.94c0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9974.94c0: *0000000000000000-ffffffffff84ffff 0x0001/0x0000 0x0000000
9974.94c0: *00000000007b0000-000000000078ffff 0x0004/0x0004 0x0020000
9974.94c0: *00000000007d0000-00000000007c0fff 0x0002/0x0002 0x0040000
9974.94c0: 00000000007df000-00000000007ddfff 0x0001/0x0000 0x0000000
9974.94c0: *00000000007e0000-00000000006e3fff 0x0000/0x0004 0x0020000
9974.94c0: 00000000008dc000-00000000008d8fff 0x0104/0x0004 0x0020000
9974.94c0: 00000000008df000-00000000008ddfff 0x0004/0x0004 0x0020000
9974.94c0: *00000000008e0000-00000000008dbfff 0x0002/0x0002 0x0040000
9974.94c0: 00000000008e4000-00000000008d7fff 0x0001/0x0000 0x0000000
9974.94c0: *00000000008f0000-00000000008edfff 0x0004/0x0004 0x0020000
9974.94c0: 00000000008f2000-ffffffff81203fff 0x0001/0x0000 0x0000000
9974.94c0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
9974.94c0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
9974.94c0: 000000007fff0000-ffff800a398cffff 0x0001/0x0000 0x0000000
9974.94c0: *00007ff6c6710000-00007ff6c66ecfff 0x0002/0x0002 0x0040000
9974.94c0: 00007ff6c6733000-00007ff6c6729fff 0x0001/0x0000 0x0000000
9974.94c0: *00007ff6c673c000-00007ff6c6739fff 0x0004/0x0004 0x0020000
9974.94c0: *00007ff6c673e000-00007ff6c673cfff 0x0004/0x0004 0x0020000
9974.94c0: 00007ff6c673f000-00007ff6c58fdfff 0x0001/0x0000 0x0000000
9974.94c0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7608000-00007ff6c7608fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7654000-00007ff6c7654fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7655000-00007ff6c7655fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7656000-00007ff6c765afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c765b000-00007ff6c765bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c765c000-00007ff6c765cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c765d000-00007ff6c7660fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000
9974.94c0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a33d000-00007ffa9a342fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a350000-00007ffa9a350fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a351000-00007ffa9a353fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a3bc000-00007ffa9a3a7fff 0x0001/0x0000 0x0000000
9974.94c0: *00007ffa9a3d0000-00007ffa9a3cefff 0x0040/0x0040 0x0020000 !!
9974.94c0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffa9a3d0000 (LB 0x1000, 00007ffa9a3d0000 LB 0x1000)
9974.94c0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffa9a3d0000/00007ffa9a3d0000 LB 0/0x1000]
9974.94c0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffa9a3d0000 LB 0x565c10000 s=0x10000 ap=0x0 rp=0x00000000000001
9974.94c0: 00007ffa9a3d1000-00007ff5347c1fff 0x0001/0x0000 0x0000000
9974.94c0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
9974.94c0: VBoxHeadless.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
9974.94c0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
9974.94c0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
9974.94c0: ntdll.dll: Differences in section #1 (.text) between file and memory:
9974.94c0: 00007ffa9a2a27e0 / 0x00927e0: 4c != e9
9974.94c0: 00007ffa9a2a27e1 / 0x00927e1: 8b != 1b
9974.94c0: 00007ffa9a2a27e2 / 0x00927e2: d1 != d8
9974.94c0: 00007ffa9a2a27e3 / 0x00927e3: b8 != 12
9974.94c0: 00007ffa9a2a27e4 / 0x00927e4: 9b != 00
9974.94c0: Restored 0x2000 bytes of original file content at 00007ffa9a2a0bfe
9974.94c0: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x880
9974.94c0: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 59 sleeps
9974.94c0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9974.94c0: *0000000000000000-ffffffffff84ffff 0x0001/0x0000 0x0000000
9974.94c0: *00000000007b0000-000000000078ffff 0x0004/0x0004 0x0020000
9974.94c0: *00000000007d0000-00000000007c0fff 0x0002/0x0002 0x0040000
9974.94c0: 00000000007df000-00000000007ddfff 0x0001/0x0000 0x0000000
9974.94c0: *00000000007e0000-00000000006e3fff 0x0000/0x0004 0x0020000
9974.94c0: 00000000008dc000-00000000008d8fff 0x0104/0x0004 0x0020000
9974.94c0: 00000000008df000-00000000008ddfff 0x0004/0x0004 0x0020000
9974.94c0: *00000000008e0000-00000000008dbfff 0x0002/0x0002 0x0040000
9974.94c0: 00000000008e4000-00000000008d7fff 0x0001/0x0000 0x0000000
9974.94c0: *00000000008f0000-00000000008edfff 0x0004/0x0004 0x0020000
9974.94c0: 00000000008f2000-ffffffff81203fff 0x0001/0x0000 0x0000000
9974.94c0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
9974.94c0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
9974.94c0: 000000007fff0000-ffff800a398cffff 0x0001/0x0000 0x0000000
9974.94c0: *00007ff6c6710000-00007ff6c66ecfff 0x0002/0x0002 0x0040000
9974.94c0: 00007ff6c6733000-00007ff6c6729fff 0x0001/0x0000 0x0000000
9974.94c0: *00007ff6c673c000-00007ff6c6739fff 0x0004/0x0004 0x0020000
9974.94c0: *00007ff6c673e000-00007ff6c673cfff 0x0004/0x0004 0x0020000
9974.94c0: 00007ff6c673f000-00007ff6c58fdfff 0x0001/0x0000 0x0000000
9974.94c0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7608000-00007ff6c7608fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7654000-00007ff6c7660fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9974.94c0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000
9974.94c0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a33d000-00007ffa9a342fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a350000-00007ffa9a353fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
9974.94c0: 00007ffa9a3bc000-00007ff534797fff 0x0001/0x0000 0x0000000
9974.94c0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
9974.94c0: supR3HardNtChildPurify: Done after 1217 ms and 2 fixes (loop #1).
9974.94c0: supR3HardNtEnableThreadCreation:
9b9c.9ba0: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000008 g_uNtVerCombined=0x63258000
9b9c.9ba0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9a210000 g_uNtVerCombined=0x63258000
9b9c.9ba0: ntdll.dll: timestamp 0x5650b9bb (rc=VINF_SUCCESS)
9b9c.9ba0: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1753088 allocation)
9b9c.9ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9b9c.9ba0: System32: \Device\HarddiskVolume2\Windows\System32
9b9c.9ba0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
9b9c.9ba0: KnownDllPath: C:\WINDOWS\system32
9b9c.9ba0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
9b9c.9ba0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
9b9c.9ba0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
9b9c.9ba0: Registered Dll notification callback with NTDLL.
9b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
9b9c.9ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
9b9c.9ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
9b9c.9ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9b9c.9ba0: supR3HardenedDllNotificationCallback: load 00007ffa97480000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
9b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
9b9c.9ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
9b9c.9ba0: supR3HardenedDllNotificationCallback: load 00007ffa99910000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
9b9c.9ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9b9c.9ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa99910000 'C:\WINDOWS\system32\KERNEL32.DLL'
9b9c.9ba0: supR3HardenedDllNotificationCallback: load 00007ff6c7580000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
9b9c.9ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
9b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
9b9c.9ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9b9c.9ba0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9a228bf0 pvNtTerminateThread=00007ffa9a2a1350
9974.94c0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 66 ms.
9b9c.9ba0: \SystemRoot\System32\ntdll.dll:
9b9c.9ba0: CreationTime: 2015-12-13T13:29:03.797225700Z
9b9c.9ba0: LastWriteTime: 2015-12-13T13:29:03.816235700Z
9b9c.9ba0: ChangeTime: 2015-12-13T14:16:49.586389800Z
9b9c.9ba0: FileAttributes: 0x20
9b9c.9ba0: Size: 0x1a7958
9b9c.9ba0: NT Headers: 0xd8
9b9c.9ba0: Timestamp: 0x5650b9bb
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x5650b9bb
9b9c.9ba0: Image Version: 6.3
9b9c.9ba0: SizeOfImage: 0x1ac000 (1753088)
9b9c.9ba0: Resource Dir: 0x148000 LB 0x62450
9b9c.9ba0: ProductName: Microsoft® Windows® Operating System
9b9c.9ba0: ProductVersion: 6.3.9600.18146
9b9c.9ba0: FileVersion: 6.3.9600.18146 (winblue_ltsb.151121-0600)
9b9c.9ba0: FileDescription: NT Layer DLL
9b9c.9ba0: \SystemRoot\System32\kernel32.dll:
9b9c.9ba0: CreationTime: 2015-03-14T20:24:53.660703000Z
9b9c.9ba0: LastWriteTime: 2015-03-14T20:24:53.675711600Z
9b9c.9ba0: ChangeTime: 2015-12-13T14:17:30.550710900Z
9b9c.9ba0: FileAttributes: 0x20
9b9c.9ba0: Size: 0x13fc30
9b9c.9ba0: NT Headers: 0xf8
9b9c.9ba0: Timestamp: 0x545054ca
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x545054ca
9b9c.9ba0: Image Version: 6.3
9b9c.9ba0: SizeOfImage: 0x13e000 (1302528)
9b9c.9ba0: Resource Dir: 0x12e000 LB 0x518
9b9c.9ba0: ProductName: Microsoft® Windows® Operating System
9b9c.9ba0: ProductVersion: 6.3.9600.17415
9b9c.9ba0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
9b9c.9ba0: FileDescription: Windows NT BASE API Client DLL
9b9c.9ba0: \SystemRoot\System32\KernelBase.dll:
9b9c.9ba0: CreationTime: 2015-03-14T20:25:09.010491400Z
9b9c.9ba0: LastWriteTime: 2015-03-14T20:25:09.027501400Z
9b9c.9ba0: ChangeTime: 2015-12-13T14:17:30.872262900Z
9b9c.9ba0: FileAttributes: 0x20
9b9c.9ba0: Size: 0x114a90
9b9c.9ba0: NT Headers: 0xf0
9b9c.9ba0: Timestamp: 0x54505737
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x54505737
9b9c.9ba0: Image Version: 6.3
9b9c.9ba0: SizeOfImage: 0x115000 (1134592)
9b9c.9ba0: Resource Dir: 0x110000 LB 0x3528
9b9c.9ba0: ProductName: Microsoft® Windows® Operating System
9b9c.9ba0: ProductVersion: 6.3.9600.17415
9b9c.9ba0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
9b9c.9ba0: FileDescription: Windows NT BASE API Client DLL
9b9c.9ba0: \SystemRoot\System32\apisetschema.dll:
9b9c.9ba0: CreationTime: 2013-08-22T12:13:09.745625900Z
9b9c.9ba0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
9b9c.9ba0: ChangeTime: 2014-04-14T23:08:56.536511300Z
9b9c.9ba0: FileAttributes: 0x20
9b9c.9ba0: Size: 0x11360
9b9c.9ba0: NT Headers: 0xd0
9b9c.9ba0: Timestamp: 0x52160049
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x52160049
9b9c.9ba0: Image Version: 6.3
9b9c.9ba0: SizeOfImage: 0x13000 (77824)
9b9c.9ba0: Resource Dir: 0x11000 LB 0x3f8
9b9c.9ba0: ProductName: Microsoft® Windows® Operating System
9b9c.9ba0: ProductVersion: 6.3.9600.16384
9b9c.9ba0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
9b9c.9ba0: FileDescription: ApiSet Schema DLL
9b9c.9ba0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
9b9c.9ba0: supR3HardenedWinFindAdversaries: 0x880
9b9c.9ba0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
9b9c.9ba0: CreationTime: 2014-04-14T02:00:54.365714500Z
9b9c.9ba0: LastWriteTime: 2016-03-11T11:35:07.512306600Z
9b9c.9ba0: ChangeTime: 2016-03-11T11:35:07.512306600Z
9b9c.9ba0: FileAttributes: 0x2020
9b9c.9ba0: Size: 0x2eed8
9b9c.9ba0: NT Headers: 0xe0
9b9c.9ba0: Timestamp: 0x55b855d9
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x55b855d9
9b9c.9ba0: Image Version: 6.1
9b9c.9ba0: SizeOfImage: 0x33000 (208896)
9b9c.9ba0: Resource Dir: 0x31000 LB 0x3b8
9b9c.9ba0: ProductName: Malwarebytes Anti-Malware
9b9c.9ba0: ProductVersion: 0.3.0.0
9b9c.9ba0: FileVersion: 0.3.0.0
9b9c.9ba0: FileDescription: Malwarebytes Anti-Malware
9b9c.9ba0: \SystemRoot\System32\drivers\mwac.sys:
9b9c.9ba0: CreationTime: 2014-04-14T01:59:19.936766400Z
9b9c.9ba0: LastWriteTime: 2015-10-13T21:47:21.646896700Z
9b9c.9ba0: ChangeTime: 2015-10-13T21:47:21.646896700Z
9b9c.9ba0: FileAttributes: 0x20
9b9c.9ba0: Size: 0xfad8
9b9c.9ba0: NT Headers: 0xe0
9b9c.9ba0: Timestamp: 0x53a0f444
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x53a0f444
9b9c.9ba0: Image Version: 6.2
9b9c.9ba0: SizeOfImage: 0x13000 (77824)
9b9c.9ba0: Resource Dir: 0x11000 LB 0x3e0
9b9c.9ba0: ProductName: Malwarebytes Web Access Control
9b9c.9ba0: ProductVersion: 1.0.6.0
9b9c.9ba0: FileVersion: 1.0.6.0
9b9c.9ba0: FileDescription: Malwarebytes Web Access Control
9b9c.9ba0: \SystemRoot\System32\drivers\mbamchameleon.sys:
9b9c.9ba0: CreationTime: 2014-04-14T01:59:19.936766400Z
9b9c.9ba0: LastWriteTime: 2015-10-13T21:47:21.751957800Z
9b9c.9ba0: ChangeTime: 2015-10-13T21:47:21.751957800Z
9b9c.9ba0: FileAttributes: 0x20
9b9c.9ba0: Size: 0x1aad8
9b9c.9ba0: NT Headers: 0xd8
9b9c.9ba0: Timestamp: 0x55c103c3
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x55c103c3
9b9c.9ba0: Image Version: 6.1
9b9c.9ba0: SizeOfImage: 0x1e000 (122880)
9b9c.9ba0: Resource Dir: 0x1c000 LB 0xba8
9b9c.9ba0: ProductName: Malwarebytes Chameleon
9b9c.9ba0: ProductVersion: 1.1.21.0
9b9c.9ba0: FileVersion: 1.1.21.0
9b9c.9ba0: FileDescription: Malwarebytes Chameleon Protection Driver
9b9c.9ba0: \SystemRoot\System32\drivers\mbam.sys:
9b9c.9ba0: CreationTime: 2014-04-14T01:59:19.921141100Z
9b9c.9ba0: LastWriteTime: 2015-10-13T21:47:21.624886700Z
9b9c.9ba0: ChangeTime: 2015-10-13T21:47:21.624886700Z
9b9c.9ba0: FileAttributes: 0x20
9b9c.9ba0: Size: 0x64d8
9b9c.9ba0: NT Headers: 0xd8
9b9c.9ba0: Timestamp: 0x55ca3257
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x55ca3257
9b9c.9ba0: Image Version: 6.1
9b9c.9ba0: SizeOfImage: 0xa000 (40960)
9b9c.9ba0: Resource Dir: 0x8000 LB 0x3a0
9b9c.9ba0: ProductName: Malwarebytes Anti-Malware
9b9c.9ba0: ProductVersion: 0.1.16.0
9b9c.9ba0: FileVersion: 0.1.16.0
9b9c.9ba0: FileDescription: Malwarebytes Anti-Malware
9b9c.9ba0: \SystemRoot\System32\drivers\cmdguard.sys:
9b9c.9ba0: CreationTime: 2014-03-26T03:22:54.000000000Z
9b9c.9ba0: LastWriteTime: 2015-11-18T17:14:52.838600000Z
9b9c.9ba0: ChangeTime: 2015-11-20T18:52:47.879818700Z
9b9c.9ba0: FileAttributes: 0x2020
9b9c.9ba0: Size: 0xca2f0
9b9c.9ba0: NT Headers: 0xe0
9b9c.9ba0: Timestamp: 0x564cabab
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x564cabab
9b9c.9ba0: Image Version: 6.2
9b9c.9ba0: SizeOfImage: 0xd6000 (876544)
9b9c.9ba0: Resource Dir: 0xd3000 LB 0x3c8
9b9c.9ba0: ProductName: COMODO Internet Security Sandbox Driver
9b9c.9ba0: ProductVersion: 8, 2, 0, 4789
9b9c.9ba0: FileVersion: 8, 2, 0, 4789
9b9c.9ba0: FileDescription: COMODO Internet Security Sandbox Driver
9b9c.9ba0: \SystemRoot\System32\drivers\cmderd.sys:
9b9c.9ba0: CreationTime: 2014-03-26T03:22:54.000000000Z
9b9c.9ba0: LastWriteTime: 2015-11-18T17:14:49.827800000Z
9b9c.9ba0: ChangeTime: 2015-11-20T18:52:48.468156100Z
9b9c.9ba0: FileAttributes: 0x2020
9b9c.9ba0: Size: 0x54d8
9b9c.9ba0: NT Headers: 0xd0
9b9c.9ba0: Timestamp: 0x564cab95
9b9c.9ba0: Machine: 0x8664 - amd64
9b9c.9ba0: Timestamp: 0x564cab95
9b9c.9ba0: Image Version: 6.2
9b9c.9ba0: SizeOfImage: 0xa000 (40960)
9b9c.9ba0: Resource Dir: 0x8000 LB 0x3d0
9b9c.9ba0: ProductName: COMODO Internet Security Eradication Driver
9b9c.9ba0: ProductVersion: 8, 2, 0, 4789
9b9c.9ba0: FileVersion: 8, 2, 0, 4789
9b9c.9ba0: FileDescription: COMODO Internet Security Eradication Driver
9b9c.9ba0: \SystemRoot\System32\drivers\inspect.sys:
5939b9c.9ba0: CreationTime: 2014-03-26T03:22:56.000000000Z
5949b9c.9ba0: LastWriteTime: 2015-08-05T00:31:51.095200000Z
5959b9c.9ba0: ChangeTime: 2015-08-07T11:55:20.860859700Z
5969b9c.9ba0: FileAttributes: 0x20
5979b9c.9ba0: Size: 0x1f100
5989b9c.9ba0: NT Headers: 0xd8
5999b9c.9ba0: Timestamp: 0x55c148ef
6009b9c.9ba0: Machine: 0x8664 - amd64
6019b9c.9ba0: Timestamp: 0x55c148ef
6029b9c.9ba0: Image Version: 6.2
6039b9c.9ba0: SizeOfImage: 0x22000 (139264)
6049b9c.9ba0: Resource Dir: 0x20000 LB 0x3c8
6059b9c.9ba0: ProductName: COMODO Internet Security Firewall Driver
6069b9c.9ba0: ProductVersion: 8, 2, 0, 4674
6079b9c.9ba0: FileVersion: 8, 2, 0, 4674
6089b9c.9ba0: FileDescription: COMODO Internet Security Firewall Driver
6099b9c.9ba0: \SystemRoot\System32\drivers\cmdhlp.sys:
6109b9c.9ba0: CreationTime: 2014-03-26T03:22:56.000000000Z
6119b9c.9ba0: LastWriteTime: 2015-08-05T00:31:48.115600000Z
6129b9c.9ba0: ChangeTime: 2015-08-07T11:55:19.985357700Z
6139b9c.9ba0: FileAttributes: 0x2020
6149b9c.9ba0: Size: 0x88f0
6159b9c.9ba0: NT Headers: 0xd8
6169b9c.9ba0: Timestamp: 0x55c148f4
6179b9c.9ba0: Machine: 0x8664 - amd64
6189b9c.9ba0: Timestamp: 0x55c148f4
6199b9c.9ba0: Image Version: 6.2
6209b9c.9ba0: SizeOfImage: 0xc000 (49152)
6219b9c.9ba0: Resource Dir: 0xa000 LB 0x3c0
6229b9c.9ba0: ProductName: COMODO Internet Security Helper Driver
6239b9c.9ba0: ProductVersion: 8, 2, 0, 4674
6249b9c.9ba0: FileVersion: 8, 2, 0, 4674
6259b9c.9ba0: FileDescription: COMODO Internet Security Helper Driver
6269b9c.9ba0: \SystemRoot\System32\guard64.dll:
6279b9c.9ba0: CreationTime: 2014-03-26T03:22:36.000000000Z
6289b9c.9ba0: LastWriteTime: 2015-09-03T11:52:00.103200000Z
6299b9c.9ba0: ChangeTime: 2015-09-07T17:46:58.439561400Z
6309b9c.9ba0: FileAttributes: 0x20
6319b9c.9ba0: Size: 0x8d750
6329b9c.9ba0: NT Headers: 0x118
6339b9c.9ba0: Timestamp: 0x55e818af
6349b9c.9ba0: Machine: 0x8664 - amd64
6359b9c.9ba0: Timestamp: 0x55e818af
6369b9c.9ba0: Image Version: 0.0
6379b9c.9ba0: SizeOfImage: 0x96000 (614400)
6389b9c.9ba0: Resource Dir: 0x93000 LB 0xd80
6399b9c.9ba0: ProductName: COMODO Internet Security
6409b9c.9ba0: ProductVersion: 8, 2, 0, 4703
6419b9c.9ba0: FileVersion: 8, 2, 0, 4703
6429b9c.9ba0: FileDescription: COMODO Internet Security
6439b9c.9ba0: \SystemRoot\System32\cmdvrt64.dll:
6449b9c.9ba0: CreationTime: 2014-03-26T03:22:30.000000000Z
6459b9c.9ba0: LastWriteTime: 2015-08-05T00:28:50.806000000Z
6469b9c.9ba0: ChangeTime: 2015-08-07T11:55:24.608002500Z
6479b9c.9ba0: FileAttributes: 0x2020
6489b9c.9ba0: Size: 0x576c0
6499b9c.9ba0: NT Headers: 0x100
6509b9c.9ba0: Timestamp: 0x55c1491b
6519b9c.9ba0: Machine: 0x8664 - amd64
6529b9c.9ba0: Timestamp: 0x55c1491b
6539b9c.9ba0: Image Version: 0.0
6549b9c.9ba0: SizeOfImage: 0x5d000 (380928)
6559b9c.9ba0: Resource Dir: 0x5b000 LB 0x5ac
6569b9c.9ba0: ProductName: COMODO Internet Security
6579b9c.9ba0: ProductVersion: 8, 2, 0, 4674
6589b9c.9ba0: FileVersion: 8, 2, 0, 4674
6599b9c.9ba0: FileDescription: COMODO Internet Security
6609b9c.9ba0: \SystemRoot\System32\cmdkbd64.dll:
6619b9c.9ba0: CreationTime: 2014-03-26T03:22:30.000000000Z
6629b9c.9ba0: LastWriteTime: 2015-08-05T00:28:20.760400000Z
6639b9c.9ba0: ChangeTime: 2015-08-07T11:55:25.549541300Z
6649b9c.9ba0: FileAttributes: 0x2020
6659b9c.9ba0: Size: 0xb2c0
6669b9c.9ba0: NT Headers: 0xe8
6679b9c.9ba0: Timestamp: 0x55c14914
6689b9c.9ba0: Machine: 0x8664 - amd64
6699b9c.9ba0: Timestamp: 0x55c14914
6709b9c.9ba0: Image Version: 0.0
6719b9c.9ba0: SizeOfImage: 0xf000 (61440)
6729b9c.9ba0: Resource Dir: 0xd000 LB 0x5ac
6739b9c.9ba0: ProductName: COMODO Internet Security
6749b9c.9ba0: ProductVersion: 8, 2, 0, 4674
6759b9c.9ba0: FileVersion: 8, 2, 0, 4674
6769b9c.9ba0: FileDescription: COMODO Internet Security
6779b9c.9ba0: \SystemRoot\System32\cmdcsr.dll:
6789b9c.9ba0: CreationTime: 2014-03-26T03:22:38.000000000Z
6799b9c.9ba0: LastWriteTime: 2015-08-05T00:29:56.903200000Z
6809b9c.9ba0: ChangeTime: 2015-08-07T11:55:25.881731700Z
6819b9c.9ba0: FileAttributes: 0x20
6829b9c.9ba0: Size: 0xa108
6839b9c.9ba0: NT Headers: 0xd8
6849b9c.9ba0: Timestamp: 0x55c14910
6859b9c.9ba0: Machine: 0x8664 - amd64
6869b9c.9ba0: Timestamp: 0x55c14910
6879b9c.9ba0: Image Version: 0.0
6889b9c.9ba0: SizeOfImage: 0xc000 (49152)
6899b9c.9ba0: Resource Dir: 0xa000 LB 0x4a8
6909b9c.9ba0: ProductName: COMODO Internet Security
6919b9c.9ba0: ProductVersion: 8, 2, 0, 4674
6929b9c.9ba0: FileVersion: 8, 2, 0, 4674
6939b9c.9ba0: FileDescription: COMODO Internet Security
6949b9c.9ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6959b9c.9ba0: Calling main()
6969b9c.9ba0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
6979b9c.9ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6989b9c.9ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
6999b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
7009b9c.9ba0: SUPR3HardenedMain: Respawn #2
7019b9c.9ba0: supR3HardNtEnableThreadCreation:
7029b9c.9ba0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9a228bf0 pvNtTerminateThread=00007ffa9a2a1350
7039b9c.9ba0: supR3HardenedWinDoReSpawn(2): New child 98bc.987c [kernel32].
7049b9c.9ba0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
7059b9c.9ba0: supR3HardNtChildGatherData: PebBaseAddress=00007ff6c720f000 cbPeb=0x388
7069b9c.9ba0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9a210000 uNtDllChildAddr=00007ffa9a210000
7079b9c.9ba0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9a228bf0
7089b9c.9ba0: supR3HardenedWinSetupChildInit: Start child.
7099b9c.9ba0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
7109b9c.9ba0: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
7119b9c.9ba0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7129b9c.9ba0: *0000000000000000-ffffffffff2cffff 0x0001/0x0000 0x0000000
7139b9c.9ba0: *0000000000d30000-0000000000d0ffff 0x0004/0x0004 0x0020000
7149b9c.9ba0: *0000000000d50000-0000000000d40fff 0x0002/0x0002 0x0040000
7159b9c.9ba0: 0000000000d5f000-0000000000d5dfff 0x0001/0x0000 0x0000000
7169b9c.9ba0: *0000000000d60000-0000000000c63fff 0x0000/0x0004 0x0020000
7179b9c.9ba0: 0000000000e5c000-0000000000e58fff 0x0104/0x0004 0x0020000
7189b9c.9ba0: 0000000000e5f000-0000000000e5dfff 0x0004/0x0004 0x0020000
7199b9c.9ba0: *0000000000e60000-0000000000e5bfff 0x0002/0x0002 0x0040000
7209b9c.9ba0: 0000000000e64000-0000000000e57fff 0x0001/0x0000 0x0000000
7219b9c.9ba0: *0000000000e70000-0000000000e6dfff 0x0004/0x0004 0x0020000
7229b9c.9ba0: 0000000000e72000-0000000000e63fff 0x0001/0x0000 0x0000000
7239b9c.9ba0: *0000000000e80000-0000000000e6efff 0x0040/0x0040 0x0020000 !!
7249b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000e80000 (LB 0x11000, 0000000000e80000 LB 0x11000)
7259b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000e80000/0000000000e80000 LB 0/0x11000]
7269b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000e80000 LB 0x7f160000 s=0x10000 ap=0x0 rp=0x00000000000001
7279b9c.9ba0: 0000000000e91000-ffffffff81d41fff 0x0001/0x0000 0x0000000
7289b9c.9ba0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
7299b9c.9ba0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
7309b9c.9ba0: 000000007fff0000-ffff800a38dfffff 0x0001/0x0000 0x0000000
7319b9c.9ba0: *00007ff6c71e0000-00007ff6c71bcfff 0x0002/0x0002 0x0040000
7329b9c.9ba0: 00007ff6c7203000-00007ff6c71f8fff 0x0001/0x0000 0x0000000
7339b9c.9ba0: *00007ff6c720d000-00007ff6c720afff 0x0004/0x0004 0x0020000
7349b9c.9ba0: *00007ff6c720f000-00007ff6c720dfff 0x0004/0x0004 0x0020000
7359b9c.9ba0: 00007ff6c7210000-00007ff6c6e9ffff 0x0001/0x0000 0x0000000
7369b9c.9ba0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7379b9c.9ba0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7389b9c.9ba0: 00007ff6c7608000-00007ff6c7608fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7399b9c.9ba0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7409b9c.9ba0: 00007ff6c7654000-00007ff6c7654fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7419b9c.9ba0: 00007ff6c7655000-00007ff6c7655fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7429b9c.9ba0: 00007ff6c7656000-00007ff6c765afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7439b9c.9ba0: 00007ff6c765b000-00007ff6c765bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7449b9c.9ba0: 00007ff6c765c000-00007ff6c765cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7459b9c.9ba0: 00007ff6c765d000-00007ff6c7660fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7469b9c.9ba0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7479b9c.9ba0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000
7489b9c.9ba0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7499b9c.9ba0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7509b9c.9ba0: 00007ffa9a33d000-00007ffa9a342fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7519b9c.9ba0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7529b9c.9ba0: 00007ffa9a350000-00007ffa9a350fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7539b9c.9ba0: 00007ffa9a351000-00007ffa9a353fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7549b9c.9ba0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7559b9c.9ba0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7569b9c.9ba0: 00007ffa9a3bc000-00007ffa9a3a7fff 0x0001/0x0000 0x0000000
7579b9c.9ba0: *00007ffa9a3d0000-00007ffa9a3cefff 0x0040/0x0040 0x0020000 !!
7589b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffa9a3d0000 (LB 0x1000, 00007ffa9a3d0000 LB 0x1000)
7599b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffa9a3d0000/00007ffa9a3d0000 LB 0/0x1000]
7609b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffa9a3d0000 LB 0x565c10000 s=0x10000 ap=0x0 rp=0x00000000000001
7619b9c.9ba0: 00007ffa9a3d1000-00007ff5347c1fff 0x0001/0x0000 0x0000000
7629b9c.9ba0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
7639b9c.9ba0: VBoxHeadless.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
7649b9c.9ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
7659b9c.9ba0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
7669b9c.9ba0: ntdll.dll: Differences in section #1 (.text) between file and memory:
7679b9c.9ba0: 00007ffa9a2a27e0 / 0x00927e0: 4c != e9
7689b9c.9ba0: 00007ffa9a2a27e1 / 0x00927e1: 8b != 1b
7699b9c.9ba0: 00007ffa9a2a27e2 / 0x00927e2: d1 != d8
7709b9c.9ba0: 00007ffa9a2a27e3 / 0x00927e3: b8 != 12
7719b9c.9ba0: 00007ffa9a2a27e4 / 0x00927e4: 9b != 00
7729b9c.9ba0: Restored 0x2000 bytes of original file content at 00007ffa9a2a0bfe
7739b9c.9ba0: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x880
7749b9c.9ba0: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 59 sleeps
7759b9c.9ba0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7769b9c.9ba0: *0000000000000000-ffffffffff2cffff 0x0001/0x0000 0x0000000
7779b9c.9ba0: *0000000000d30000-0000000000d0ffff 0x0004/0x0004 0x0020000
7789b9c.9ba0: *0000000000d50000-0000000000d40fff 0x0002/0x0002 0x0040000
7799b9c.9ba0: 0000000000d5f000-0000000000d5dfff 0x0001/0x0000 0x0000000
7809b9c.9ba0: *0000000000d60000-0000000000c63fff 0x0000/0x0004 0x0020000
7819b9c.9ba0: 0000000000e5c000-0000000000e58fff 0x0104/0x0004 0x0020000
7829b9c.9ba0: 0000000000e5f000-0000000000e5dfff 0x0004/0x0004 0x0020000
7839b9c.9ba0: *0000000000e60000-0000000000e5bfff 0x0002/0x0002 0x0040000
7849b9c.9ba0: 0000000000e64000-0000000000e57fff 0x0001/0x0000 0x0000000
7859b9c.9ba0: *0000000000e70000-0000000000e6dfff 0x0004/0x0004 0x0020000
7869b9c.9ba0: 0000000000e72000-ffffffff81d03fff 0x0001/0x0000 0x0000000
7879b9c.9ba0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
7889b9c.9ba0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
7899b9c.9ba0: 000000007fff0000-ffff800a38dfffff 0x0001/0x0000 0x0000000
7909b9c.9ba0: *00007ff6c71e0000-00007ff6c71bcfff 0x0002/0x0002 0x0040000
7919b9c.9ba0: 00007ff6c7203000-00007ff6c71f8fff 0x0001/0x0000 0x0000000
7929b9c.9ba0: *00007ff6c720d000-00007ff6c720afff 0x0004/0x0004 0x0020000
7939b9c.9ba0: *00007ff6c720f000-00007ff6c720dfff 0x0004/0x0004 0x0020000
7949b9c.9ba0: 00007ff6c7210000-00007ff6c6e9ffff 0x0001/0x0000 0x0000000
7959b9c.9ba0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7969b9c.9ba0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7979b9c.9ba0: 00007ff6c7608000-00007ff6c7608fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7989b9c.9ba0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7999b9c.9ba0: 00007ff6c7654000-00007ff6c7660fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
8009b9c.9ba0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
8019b9c.9ba0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000
8029b9c.9ba0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8039b9c.9ba0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8049b9c.9ba0: 00007ffa9a33d000-00007ffa9a342fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8059b9c.9ba0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8069b9c.9ba0: 00007ffa9a350000-00007ffa9a353fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8079b9c.9ba0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8089b9c.9ba0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8099b9c.9ba0: 00007ffa9a3bc000-00007ff534797fff 0x0001/0x0000 0x0000000
8109b9c.9ba0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
8119b9c.9ba0: supR3HardNtChildPurify: Done after 1366 ms and 3 fixes (loop #1).
8129b9c.9ba0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
8139b9c.9ba0: supR3HardNtEnableThreadCreation:
81498bc.987c: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000008 g_uNtVerCombined=0x63258000
81598bc.987c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9a210000 g_uNtVerCombined=0x63258000
81698bc.987c: ntdll.dll: timestamp 0x5650b9bb (rc=VINF_SUCCESS)
81798bc.987c: New simple heap: #1 0000000000f80000 LB 0x400000 (for 1753088 allocation)
81898bc.987c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
81998bc.987c: System32: \Device\HarddiskVolume2\Windows\System32
82098bc.987c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
82198bc.987c: KnownDllPath: C:\WINDOWS\system32
82298bc.987c: supR3HardenedVmProcessInit: Opening vboxdrv...
82398bc.987c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
82498bc.987c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
82598bc.987c: Registered Dll notification callback with NTDLL.
82698bc.987c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
82798bc.987c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
82898bc.987c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
82998bc.987c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
83098bc.987c: supR3HardenedDllNotificationCallback: load 00007ffa97480000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
83198bc.987c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
83298bc.987c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
83398bc.987c: supR3HardenedDllNotificationCallback: load 00007ffa99910000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
83498bc.987c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
83598bc.987c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa99910000 'C:\WINDOWS\system32\KERNEL32.DLL'
83698bc.987c: supR3HardenedDllNotificationCallback: load 00007ff6c7580000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
83798bc.987c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
83898bc.987c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
83998bc.987c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
8409b9c.9ba0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 86 ms, CloseEvents);
8419974.94c0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1623 ms, the end);
