222c.1f04: Log file opened: 4.3.20r96997 g_hStartupLog=00000000000000b0 g_uNtVerCombined=0x611db110
222c.1f04: \SystemRoot\System32\ntdll.dll:
222c.1f04: CreationTime: 2013-10-09T20:13:19.301520300Z
222c.1f04: LastWriteTime: 2013-08-29T02:16:35.515578900Z
222c.1f04: ChangeTime: 2013-10-10T14:18:20.928457600Z
222c.1f04: FileAttributes: 0x20
222c.1f04: Size: 0x1a6dc0
222c.1f04: NT Headers: 0xe0
222c.1f04: Timestamp: 0x521eaf24
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x521eaf24
222c.1f04: Image Version: 6.1
222c.1f04: SizeOfImage: 0x1a9000 (1740800)
222c.1f04: Resource Dir: 0x151000 LB 0x560d8
222c.1f04: ProductName: Microsoft® Windows® Operating System
222c.1f04: ProductVersion: 6.1.7601.18247
222c.1f04: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
222c.1f04: FileDescription: NT Layer DLL
222c.1f04: \SystemRoot\System32\kernel32.dll:
222c.1f04: CreationTime: 2014-04-10T15:02:50.398073700Z
222c.1f04: LastWriteTime: 2014-03-04T09:44:00.336000000Z
222c.1f04: ChangeTime: 2014-04-14T14:16:50.794438100Z
222c.1f04: FileAttributes: 0x20
222c.1f04: Size: 0x11c000
222c.1f04: NT Headers: 0xe8
222c.1f04: Timestamp: 0x5315a059
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x5315a059
222c.1f04: Image Version: 6.1
222c.1f04: SizeOfImage: 0x11f000 (1175552)
222c.1f04: Resource Dir: 0x116000 LB 0x528
222c.1f04: ProductName: Microsoft® Windows® Operating System
222c.1f04: ProductVersion: 6.1.7601.18409
222c.1f04: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
222c.1f04: FileDescription: Windows NT BASE API Client DLL
222c.1f04: \SystemRoot\System32\KernelBase.dll:
222c.1f04: CreationTime: 2014-05-14T20:49:08.491151100Z
222c.1f04: LastWriteTime: 2014-03-04T09:44:00.336000000Z
222c.1f04: ChangeTime: 2014-05-15T15:29:41.206413600Z
222c.1f04: FileAttributes: 0x20
222c.1f04: Size: 0x67c00
222c.1f04: NT Headers: 0xe8
222c.1f04: Timestamp: 0x5315a05a
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x5315a05a
222c.1f04: Image Version: 6.1
222c.1f04: SizeOfImage: 0x6c000 (442368)
222c.1f04: Resource Dir: 0x6a000 LB 0x530
222c.1f04: ProductName: Microsoft® Windows® Operating System
222c.1f04: ProductVersion: 6.1.7601.18409
222c.1f04: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
222c.1f04: FileDescription: Windows NT BASE API Client DLL
222c.1f04: \SystemRoot\System32\apisetschema.dll:
222c.1f04: CreationTime: 2013-09-12T15:12:23.923815500Z
222c.1f04: LastWriteTime: 2013-08-02T02:12:20.275000000Z
222c.1f04: ChangeTime: 2013-09-16T14:06:36.230838200Z
222c.1f04: FileAttributes: 0x20
222c.1f04: Size: 0x1a00
222c.1f04: NT Headers: 0xc0
222c.1f04: Timestamp: 0x51fb15ca
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x51fb15ca
222c.1f04: Image Version: 6.1
222c.1f04: SizeOfImage: 0x50000 (327680)
222c.1f04: Resource Dir: 0x30000 LB 0x3f8
222c.1f04: ProductName: Microsoft® Windows® Operating System
222c.1f04: ProductVersion: 6.1.7601.18229
222c.1f04: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
222c.1f04: FileDescription: ApiSet Schema DLL
222c.1f04: Found driver SymNetS (0x2)
222c.1f04: Found driver SymDS (0x2)
222c.1f04: Found driver SRTSPX (0x2)
222c.1f04: Found driver SymEvent (0x2)
222c.1f04: Found driver SymIRON (0x2)
222c.1f04: supR3HardenedWinFindAdversaries: 0x2
222c.1f04: \SystemRoot\System32\drivers\SysPlant.sys:
222c.1f04: CreationTime: 2014-04-04T17:05:56.099300100Z
222c.1f04: LastWriteTime: 2014-08-20T14:38:36.772809300Z
222c.1f04: ChangeTime: 2014-08-20T14:38:36.772809300Z
222c.1f04: FileAttributes: 0x2020
222c.1f04: Size: 0x25f50
222c.1f04: NT Headers: 0x100
222c.1f04: Timestamp: 0x53da082a
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x53da082a
222c.1f04: Image Version: 5.0
222c.1f04: SizeOfImage: 0x2d000 (184320)
222c.1f04: Resource Dir: 0x2b000 LB 0x498
222c.1f04: ProductName: Symantec CMC Firewall
222c.1f04: ProductVersion: 12.1.4112.4156
222c.1f04: FileVersion: 12.1.4112.4156
222c.1f04: FileDescription: Symantec CMC Firewall SysPlant
222c.1f04: \SystemRoot\System32\sysfer.dll:
222c.1f04: CreationTime: 2014-04-04T17:05:55.958282200Z
222c.1f04: LastWriteTime: 2014-08-20T14:38:36.741609200Z
222c.1f04: ChangeTime: 2014-08-20T14:38:36.741609200Z
222c.1f04: FileAttributes: 0x2020
222c.1f04: Size: 0x70d70
222c.1f04: NT Headers: 0xe8
222c.1f04: Timestamp: 0x53da08b7
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x53da08b7
222c.1f04: Image Version: 0.0
222c.1f04: SizeOfImage: 0x88000 (557056)
222c.1f04: Resource Dir: 0x86000 LB 0x630
222c.1f04: ProductName: Symantec CMC Firewall
222c.1f04: ProductVersion: 12.1.4112.4156
222c.1f04: FileVersion: 12.1.4112.4156
222c.1f04: FileDescription: Symantec CMC Firewall sysfer
222c.1f04: \SystemRoot\System32\sysferThunk.dll:
222c.1f04: CreationTime: 2014-04-04T17:05:56.031791500Z
222c.1f04: LastWriteTime: 2014-08-20T14:38:36.757209300Z
222c.1f04: ChangeTime: 2014-08-20T14:38:36.757209300Z
222c.1f04: FileAttributes: 0x2020
222c.1f04: Size: 0x3170
222c.1f04: NT Headers: 0xd0
222c.1f04: Timestamp: 0x53da08b8
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x53da08b8
222c.1f04: Image Version: 0.0
222c.1f04: SizeOfImage: 0x8000 (32768)
222c.1f04: Resource Dir: 0x6000 LB 0x648
222c.1f04: ProductName: Symantec CMC Firewall
222c.1f04: ProductVersion: 12.1.4112.4156
222c.1f04: FileVersion: 12.1.4112.4156
222c.1f04: FileDescription: Symantec CMC Firewall SysferThunk
222c.1f04: \SystemRoot\System32\drivers\symevent64x86.sys:
222c.1f04: CreationTime: 2014-04-04T17:06:33.035490400Z
222c.1f04: LastWriteTime: 2014-08-20T13:40:32.959166500Z
222c.1f04: ChangeTime: 2014-08-20T13:40:32.959166500Z
222c.1f04: FileAttributes: 0x20
222c.1f04: Size: 0x2b658
222c.1f04: NT Headers: 0xe8
222c.1f04: Timestamp: 0x51f32ff2
222c.1f04: Machine: 0x8664 - amd64
222c.1f04: Timestamp: 0x51f32ff2
222c.1f04: Image Version: 6.0
222c.1f04: SizeOfImage: 0x38000 (229376)
222c.1f04: Resource Dir: 0x36000 LB 0x3c8
222c.1f04: ProductName: SYMEVENT
222c.1f04: ProductVersion: 12.9.5.2
222c.1f04: FileVersion: 12.9.5.2
222c.1f04: FileDescription: Symantec Event Library
222c.1f04: Calling main()
222c.1f04: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
222c.1f04: SUPR3HardenedMain: Respawn #1
222c.1f04: System32: \Device\HarddiskVolume3\Windows\System32
222c.1f04: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
222c.1f04: KnownDllPath: C:\Windows\system32
222c.1f04: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
222c.1f04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
222c.1f04: supR3HardNtEnableThreadCreation:
222c.1f04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007793c340 pvNtTerminateThread=00000000779617e0
222c.1f04: supR3HardenedWinDoReSpawn(1): New child 1c20.1c24 [kernel32].
222c.1f04: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
222c.1f04: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077910000 uNtDllChildAddr=0000000077910000
222c.1f04: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007793c340
222c.1f04: supR3HardenedWinSetupChildInit: Start child.
222c.1f04: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
222c.1f04: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 52 sleeps
222c.1f04: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
222c.1f04: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
222c.1f04: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
222c.1f04: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
222c.1f04: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
222c.1f04: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
222c.1f04: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
222c.1f04: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
222c.1f04: 0000000000051000-ffffffffffee1fff 0x0001/0x0000 0x0000000
222c.1f04: *00000000001c0000-00000000000c3fff 0x0000/0x0004 0x0020000
222c.1f04: 00000000002bc000-00000000002b8fff 0x0104/0x0004 0x0020000
222c.1f04: 00000000002bf000-00000000002bdfff 0x0004/0x0004 0x0020000
222c.1f04: 00000000002c0000-ffffffff88c6ffff 0x0001/0x0000 0x0000000
222c.1f04: *0000000077910000-000000007790efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
222c.1f04: 0000000077911000-000000007780efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
222c.1f04: 0000000077a13000-00000000779e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
222c.1f04: 0000000077a42000-0000000077a39fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
222c.1f04: 0000000077a4a000-0000000077a48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
222c.1f04: 0000000077a4b000-0000000077a47fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
222c.1f04: 0000000077a4e000-00000000779e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
222c.1f04: 0000000077ab9000-0000000070591fff 0x0001/0x0000 0x0000000
222c.1f04: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
222c.1f04: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
222c.1f04: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
222c.1f04: 000000007fff0000-ffffffffc0c6ffff 0x0001/0x0000 0x0000000
222c.1f04: *000000013f370000-000000013f36efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f371000-000000013f2ecfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f3f5000-000000013f3f3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f3f6000-000000013f3b8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f433000-000000013f431fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f434000-000000013f432fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f435000-000000013f432fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f437000-000000013f435fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f438000-000000013f436fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f439000-000000013f434fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f43d000-000000013f403fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
222c.1f04: 000000013f476000-fffff8037ecbbfff 0x0001/0x0000 0x0000000
222c.1f04: *000007feffc30000-000007feffc2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
222c.1f04: 000007feffc31000-000007fdff8b1fff 0x0001/0x0000 0x0000000
222c.1f04: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
222c.1f04: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
222c.1f04: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
222c.1f04: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
222c.1f04: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
222c.1f04: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
222c.1f04: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
222c.1f04: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
222c.1f04: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
222c.1f04: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
222c.1f04: supR3HardNtChildPurify: Done after 540 ms and 0 fixes (loop #0).
222c.1f04: supR3HardNtEnableThreadCreation:
1c20.1c24: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
1c20.1c24: supR3HardenedVmProcessInit: uNtDllAddr=0000000077910000
1c20.1c24: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
1c20.1c24: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1740800 allocation)
1c20.1c24: System32: \Device\HarddiskVolume3\Windows\System32
1c20.1c24: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
1c20.1c24: KnownDllPath: C:\Windows\system32
1c20.1c24: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1c20.1c24: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1c20.1c24: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1c20.1c24: Registered Dll notification callback with NTDLL.
1c20.1c24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1c20.1c24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1c20.1c24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
1c20.1c24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1c20.1c24: supR3HardenedDllNotificationCallback: load 00000000777f0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1c20.1c24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1c20.1c24: supR3HardenedDllNotificationCallback: load 000007fefd8b0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1c20.1c24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1c20.1c24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1c20.1c24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777f0000 'C:\Windows\system32\kernel32.dll'
1c20.1c24: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007793c340 pvNtTerminateThread=00000000779617e0
222c.1f04: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 30 ms.
1c20.1c24: \SystemRoot\System32\ntdll.dll:
1c20.1c24: CreationTime: 2013-10-09T20:13:19.301520300Z
1c20.1c24: LastWriteTime: 2013-08-29T02:16:35.515578900Z
1c20.1c24: ChangeTime: 2013-10-10T14:18:20.928457600Z
1c20.1c24: FileAttributes: 0x20
1c20.1c24: Size: 0x1a6dc0
1c20.1c24: NT Headers: 0xe0
1c20.1c24: Timestamp: 0x521eaf24
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x521eaf24
1c20.1c24: Image Version: 6.1
1c20.1c24: SizeOfImage: 0x1a9000 (1740800)
1c20.1c24: Resource Dir: 0x151000 LB 0x560d8
1c20.1c24: ProductName: Microsoft® Windows® Operating System
1c20.1c24: ProductVersion: 6.1.7601.18247
1c20.1c24: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
1c20.1c24: FileDescription: NT Layer DLL
1c20.1c24: \SystemRoot\System32\kernel32.dll:
1c20.1c24: CreationTime: 2014-04-10T15:02:50.398073700Z
1c20.1c24: LastWriteTime: 2014-03-04T09:44:00.336000000Z
1c20.1c24: ChangeTime: 2014-04-14T14:16:50.794438100Z
1c20.1c24: FileAttributes: 0x20
1c20.1c24: Size: 0x11c000
1c20.1c24: NT Headers: 0xe8
1c20.1c24: Timestamp: 0x5315a059
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x5315a059
1c20.1c24: Image Version: 6.1
1c20.1c24: SizeOfImage: 0x11f000 (1175552)
1c20.1c24: Resource Dir: 0x116000 LB 0x528
1c20.1c24: ProductName: Microsoft® Windows® Operating System
1c20.1c24: ProductVersion: 6.1.7601.18409
1c20.1c24: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
1c20.1c24: FileDescription: Windows NT BASE API Client DLL
1c20.1c24: \SystemRoot\System32\KernelBase.dll:
1c20.1c24: CreationTime: 2014-05-14T20:49:08.491151100Z
1c20.1c24: LastWriteTime: 2014-03-04T09:44:00.336000000Z
1c20.1c24: ChangeTime: 2014-05-15T15:29:41.206413600Z
1c20.1c24: FileAttributes: 0x20
1c20.1c24: Size: 0x67c00
1c20.1c24: NT Headers: 0xe8
1c20.1c24: Timestamp: 0x5315a05a
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x5315a05a
1c20.1c24: Image Version: 6.1
1c20.1c24: SizeOfImage: 0x6c000 (442368)
1c20.1c24: Resource Dir: 0x6a000 LB 0x530
1c20.1c24: ProductName: Microsoft® Windows® Operating System
1c20.1c24: ProductVersion: 6.1.7601.18409
1c20.1c24: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
1c20.1c24: FileDescription: Windows NT BASE API Client DLL
1c20.1c24: \SystemRoot\System32\apisetschema.dll:
1c20.1c24: CreationTime: 2013-09-12T15:12:23.923815500Z
1c20.1c24: LastWriteTime: 2013-08-02T02:12:20.275000000Z
1c20.1c24: ChangeTime: 2013-09-16T14:06:36.230838200Z
1c20.1c24: FileAttributes: 0x20
1c20.1c24: Size: 0x1a00
1c20.1c24: NT Headers: 0xc0
1c20.1c24: Timestamp: 0x51fb15ca
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x51fb15ca
1c20.1c24: Image Version: 6.1
1c20.1c24: SizeOfImage: 0x50000 (327680)
1c20.1c24: Resource Dir: 0x30000 LB 0x3f8
1c20.1c24: ProductName: Microsoft® Windows® Operating System
1c20.1c24: ProductVersion: 6.1.7601.18229
1c20.1c24: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
1c20.1c24: FileDescription: ApiSet Schema DLL
1c20.1c24: Found driver SymNetS (0x2)
1c20.1c24: Found driver SymDS (0x2)
1c20.1c24: Found driver SRTSPX (0x2)
1c20.1c24: Found driver SymEvent (0x2)
1c20.1c24: Found driver SymIRON (0x2)
1c20.1c24: supR3HardenedWinFindAdversaries: 0x2
1c20.1c24: \SystemRoot\System32\drivers\SysPlant.sys:
1c20.1c24: CreationTime: 2014-04-04T17:05:56.099300100Z
1c20.1c24: LastWriteTime: 2014-08-20T14:38:36.772809300Z
1c20.1c24: ChangeTime: 2014-08-20T14:38:36.772809300Z
1c20.1c24: FileAttributes: 0x2020
1c20.1c24: Size: 0x25f50
1c20.1c24: NT Headers: 0x100
1c20.1c24: Timestamp: 0x53da082a
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x53da082a
1c20.1c24: Image Version: 5.0
1c20.1c24: SizeOfImage: 0x2d000 (184320)
1c20.1c24: Resource Dir: 0x2b000 LB 0x498
1c20.1c24: ProductName: Symantec CMC Firewall
1c20.1c24: ProductVersion: 12.1.4112.4156
1c20.1c24: FileVersion: 12.1.4112.4156
1c20.1c24: FileDescription: Symantec CMC Firewall SysPlant
1c20.1c24: \SystemRoot\System32\sysfer.dll:
1c20.1c24: CreationTime: 2014-04-04T17:05:55.958282200Z
1c20.1c24: LastWriteTime: 2014-08-20T14:38:36.741609200Z
1c20.1c24: ChangeTime: 2014-08-20T14:38:36.741609200Z
1c20.1c24: FileAttributes: 0x2020
1c20.1c24: Size: 0x70d70
1c20.1c24: NT Headers: 0xe8
1c20.1c24: Timestamp: 0x53da08b7
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x53da08b7
1c20.1c24: Image Version: 0.0
1c20.1c24: SizeOfImage: 0x88000 (557056)
1c20.1c24: Resource Dir: 0x86000 LB 0x630
1c20.1c24: ProductName: Symantec CMC Firewall
1c20.1c24: ProductVersion: 12.1.4112.4156
1c20.1c24: FileVersion: 12.1.4112.4156
1c20.1c24: FileDescription: Symantec CMC Firewall sysfer
1c20.1c24: \SystemRoot\System32\sysferThunk.dll:
1c20.1c24: CreationTime: 2014-04-04T17:05:56.031791500Z
1c20.1c24: LastWriteTime: 2014-08-20T14:38:36.757209300Z
1c20.1c24: ChangeTime: 2014-08-20T14:38:36.757209300Z
1c20.1c24: FileAttributes: 0x2020
1c20.1c24: Size: 0x3170
1c20.1c24: NT Headers: 0xd0
1c20.1c24: Timestamp: 0x53da08b8
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x53da08b8
1c20.1c24: Image Version: 0.0
1c20.1c24: SizeOfImage: 0x8000 (32768)
1c20.1c24: Resource Dir: 0x6000 LB 0x648
1c20.1c24: ProductName: Symantec CMC Firewall
1c20.1c24: ProductVersion: 12.1.4112.4156
1c20.1c24: FileVersion: 12.1.4112.4156
1c20.1c24: FileDescription: Symantec CMC Firewall SysferThunk
1c20.1c24: \SystemRoot\System32\drivers\symevent64x86.sys:
1c20.1c24: CreationTime: 2014-04-04T17:06:33.035490400Z
1c20.1c24: LastWriteTime: 2014-08-20T13:40:32.959166500Z
1c20.1c24: ChangeTime: 2014-08-20T13:40:32.959166500Z
1c20.1c24: FileAttributes: 0x20
1c20.1c24: Size: 0x2b658
1c20.1c24: NT Headers: 0xe8
1c20.1c24: Timestamp: 0x51f32ff2
1c20.1c24: Machine: 0x8664 - amd64
1c20.1c24: Timestamp: 0x51f32ff2
1c20.1c24: Image Version: 6.0
1c20.1c24: SizeOfImage: 0x38000 (229376)
1c20.1c24: Resource Dir: 0x36000 LB 0x3c8
1c20.1c24: ProductName: SYMEVENT
1c20.1c24: ProductVersion: 12.9.5.2
1c20.1c24: FileVersion: 12.9.5.2
1c20.1c24: FileDescription: Symantec Event Library
1c20.1c24: Calling main()
1c20.1c24: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1c20.1c24: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1c20.1c24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1c20.1c24: SUPR3HardenedMain: Respawn #2
1c20.1c24: supR3HardNtEnableThreadCreation:
1c20.1c24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
1c20.1c24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
1c20.1c24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
1c20.1c24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
1c20.1c24: supR3HardenedDllNotificationCallback: load 000007fefd4d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
1c20.1c24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
1c20.1c24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4d0000 'C:\Windows\system32\apphelp.dll'