23c0.1b84: Log file opened: 5.0.10r104061 g_hStartupLog=000000000000001c g_uNtVerCombined=0x63258000
23c0.1b84: \SystemRoot\System32\ntdll.dll:
23c0.1b84: CreationTime: 2015-09-21T22:06:47.830476300Z
23c0.1b84: LastWriteTime: 2015-08-07T21:40:29.476583000Z
23c0.1b84: ChangeTime: 2015-11-10T19:59:06.964316500Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x1a7f48
23c0.1b84: NT Headers: 0xd8
23c0.1b84: Timestamp: 0x55c4c16b
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x55c4c16b
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x1ac000 (1753088)
23c0.1b84: Resource Dir: 0x148000 LB 0x62450
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.18007
23c0.1b84: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
23c0.1b84: FileDescription: NT Layer DLL
23c0.1b84: \SystemRoot\System32\kernel32.dll:
23c0.1b84: CreationTime: 2015-04-16T19:12:15.044651600Z
23c0.1b84: LastWriteTime: 2014-10-29T04:09:24.572407200Z
23c0.1b84: ChangeTime: 2015-10-14T12:40:28.052955900Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x13fc30
23c0.1b84: NT Headers: 0xf8
23c0.1b84: Timestamp: 0x545054ca
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x545054ca
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x13e000 (1302528)
23c0.1b84: Resource Dir: 0x12e000 LB 0x518
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.17415
23c0.1b84: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
23c0.1b84: FileDescription: Windows NT BASE API Client DLL
23c0.1b84: \SystemRoot\System32\KernelBase.dll:
23c0.1b84: CreationTime: 2015-09-21T22:06:48.033619700Z
23c0.1b84: LastWriteTime: 2015-08-07T21:40:29.476583000Z
23c0.1b84: ChangeTime: 2015-10-14T12:41:09.259707500Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x1150a0
23c0.1b84: NT Headers: 0xf0
23c0.1b84: Timestamp: 0x55c4c341
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x55c4c341
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x115000 (1134592)
23c0.1b84: Resource Dir: 0x110000 LB 0x3530
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.18007
23c0.1b84: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
23c0.1b84: FileDescription: Windows NT BASE API Client DLL
23c0.1b84: \SystemRoot\System32\apisetschema.dll:
23c0.1b84: CreationTime: 2013-08-22T12:13:09.745625900Z
23c0.1b84: LastWriteTime: 2013-08-22T12:35:12.091034400Z
23c0.1b84: ChangeTime: 2015-04-16T21:13:21.194017200Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x11360
23c0.1b84: NT Headers: 0xd0
23c0.1b84: Timestamp: 0x52160049
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x52160049
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x13000 (77824)
23c0.1b84: Resource Dir: 0x11000 LB 0x3f8
23c0.1b84: ProductName: Microsoft® Windows® Operating System
23c0.1b84: ProductVersion: 6.3.9600.16384
23c0.1b84: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
23c0.1b84: FileDescription: ApiSet Schema DLL
23c0.1b84: NtOpenDirectoryObject failed on \Driver: 0xc0000022
23c0.1b84: supR3HardenedWinFindAdversaries: 0x400
23c0.1b84: \SystemRoot\System32\drivers\MpFilter.sys:
23c0.1b84: CreationTime: 2015-03-05T00:34:52.000000000Z
23c0.1b84: LastWriteTime: 2015-03-05T00:34:52.000000000Z
23c0.1b84: ChangeTime: 2015-08-07T13:26:50.864209200Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x44738
23c0.1b84: NT Headers: 0xf0
23c0.1b84: Timestamp: 0x54efb880
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x54efb880
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x44000 (278528)
23c0.1b84: Resource Dir: 0x42000 LB 0xd50
23c0.1b84: ProductName: Microsoft Malware Protection
23c0.1b84: ProductVersion: 4.8.0200.0
23c0.1b84: FileVersion: 4.8.0200.0
23c0.1b84: FileDescription: Microsoft antimalware file system filter driver
23c0.1b84: \SystemRoot\System32\drivers\NisDrvWFP.sys:
23c0.1b84: CreationTime: 2013-09-10T16:12:50.000000000Z
23c0.1b84: LastWriteTime: 2015-03-05T00:34:52.000000000Z
23c0.1b84: ChangeTime: 2015-08-07T13:26:50.604220900Z
23c0.1b84: FileAttributes: 0x20
23c0.1b84: Size: 0x1e698
23c0.1b84: NT Headers: 0xf0
23c0.1b84: Timestamp: 0x54efb8af
23c0.1b84: Machine: 0x8664 - amd64
23c0.1b84: Timestamp: 0x54efb8af
23c0.1b84: Image Version: 6.3
23c0.1b84: SizeOfImage: 0x1f000 (126976)
23c0.1b84: Resource Dir: 0x1c000 LB 0x1b90
23c0.1b84: ProductName: Microsoft Malware Protection
23c0.1b84: ProductVersion: 4.8.0200.0
23c0.1b84: FileVersion: 4.8.0200.0
23c0.1b84: FileDescription: Microsoft Network Realtime Inspection Driver
23c0.1b84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
23c0.1b84: Calling main()
23c0.1b84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
23c0.1b84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
23c0.1b84: SUPR3HardenedMain: Respawn #1
23c0.1b84: System32: \Device\HarddiskVolume2\Windows\System32
23c0.1b84: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
23c0.1b84: KnownDllPath: C:\Windows\system32
23c0.1b84: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
23c0.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
23c0.1b84: supR3HardNtEnableThreadCreation:
23c0.1b84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff01898ec0 pvNtTerminateThread=00007fff01911700
23c0.1b84: supR3HardenedWinDoReSpawn(1): New child 221c.1714 [kernel32].
23c0.1b84: supR3HardNtChildGatherData: PebBaseAddress=00007ff68f438000 cbPeb=0x388
23c0.1b84: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff01880000 uNtDllChildAddr=00007fff01880000
23c0.1b84: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff01898ec0
23c0.1b84: supR3HardenedWinSetupChildInit: Start child.
23c0.1b84: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
23c0.1b84: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 45 sleeps
23c0.1b84: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
23c0.1b84: *0000000000000000-ffffffffff72ffff 0x0001/0x0000 0x0000000
23c0.1b84: *00000000008d0000-00000000008affff 0x0004/0x0004 0x0020000
23c0.1b84: *00000000008f0000-00000000008e0fff 0x0002/0x0002 0x0040000
23c0.1b84: 00000000008ff000-00000000008fdfff 0x0001/0x0000 0x0000000
23c0.1b84: *0000000000900000-0000000000803fff 0x0000/0x0004 0x0020000
23c0.1b84: 00000000009fc000-00000000009f8fff 0x0104/0x0004 0x0020000
23c0.1b84: 00000000009ff000-00000000009fdfff 0x0004/0x0004 0x0020000
23c0.1b84: *0000000000a00000-00000000009fbfff 0x0002/0x0002 0x0040000
23c0.1b84: 0000000000a04000-00000000009f7fff 0x0001/0x0000 0x0000000
23c0.1b84: *0000000000a10000-0000000000a0dfff 0x0004/0x0004 0x0020000
23c0.1b84: 0000000000a12000-ffffffff81443fff 0x0001/0x0000 0x0000000
23c0.1b84: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
23c0.1b84: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
23c0.1b84: 000000007fff0000-ffff800a70bcffff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68f410000-00007ff68f3ecfff 0x0002/0x0002 0x0040000
23c0.1b84: 00007ff68f433000-00007ff68f42dfff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68f438000-00007ff68f436fff 0x0004/0x0004 0x0020000
23c0.1b84: 00007ff68f439000-00007ff68f433fff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68f43e000-00007ff68f43bfff 0x0004/0x0004 0x0020000
23c0.1b84: 00007ff68f440000-00007ff68eacffff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ff68fdb0000-00007ff68fdb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fdb1000-00007ff68fe37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe38000-00007ff68fe38fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe39000-00007ff68fe83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe84000-00007ff68fe84fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe85000-00007ff68fe85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe86000-00007ff68fe8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe8b000-00007ff68fe8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe8c000-00007ff68fe8cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe8d000-00007ff68fe90fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fe91000-00007ff68fedbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23c0.1b84: 00007ff68fedc000-00007fee1e537fff 0x0001/0x0000 0x0000000
23c0.1b84: *00007fff01880000-00007fff01880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff01881000-00007fff019acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019ad000-00007fff019b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019b3000-00007fff019bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c0000-00007fff019c0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c1000-00007fff019c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c4000-00007fff019c4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff019c5000-00007fff01a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23c0.1b84: 00007fff01a2c000-00007ffe03477fff 0x0001/0x0000 0x0000000
23c0.1b84: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
23c0.1b84: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
23c0.1b84: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
23c0.1b84: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
23c0.1b84: supR3HardNtChildPurify: Done after 573 ms and 0 fixes (loop #0).
221c.1714: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
221c.1714: supR3HardenedVmProcessInit: uNtDllAddr=00007fff01880000
23c0.1b84: supR3HardNtEnableThreadCreation:
221c.1714: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
221c.1714: New simple heap: #1 0000000000b20000 LB 0x400000 (for 1753088 allocation)
221c.1714: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
221c.1714: System32: \Device\HarddiskVolume2\Windows\System32
221c.1714: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
221c.1714: KnownDllPath: C:\Windows\system32
221c.1714: supR3HardenedVmProcessInit: Opening vboxdrv stub...
221c.1714: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
221c.1714: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
221c.1714: Registered Dll notification callback with NTDLL.
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
221c.1714: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
221c.1714: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling]
221c.1714: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
221c.1714: supR3HardenedDllNotificationCallback: load 00007ffefed30000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
221c.1714: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
221c.1714: supR3HardenedDllNotificationCallback: load 00007ffeff7f0000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
221c.1714: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
221c.1714: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff7f0000 'C:\Windows\system32\KERNEL32.DLL'
221c.1714: supR3HardenedDllNotificationCallback: load 00007ff68fdb0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
221c.1714: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
221c.1714: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff01898ec0 pvNtTerminateThread=00007fff01911700
23c0.1b84: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 56 ms.
221c.1714: \SystemRoot\System32\ntdll.dll:
221c.1714: CreationTime: 2015-09-21T22:06:47.830476300Z
221c.1714: LastWriteTime: 2015-08-07T21:40:29.476583000Z
221c.1714: ChangeTime: 2015-11-10T19:59:06.964316500Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x1a7f48
221c.1714: NT Headers: 0xd8
221c.1714: Timestamp: 0x55c4c16b
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x55c4c16b
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x1ac000 (1753088)
221c.1714: Resource Dir: 0x148000 LB 0x62450
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.18007
221c.1714: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
221c.1714: FileDescription: NT Layer DLL
221c.1714: \SystemRoot\System32\kernel32.dll:
221c.1714: CreationTime: 2015-04-16T19:12:15.044651600Z
221c.1714: LastWriteTime: 2014-10-29T04:09:24.572407200Z
221c.1714: ChangeTime: 2015-10-14T12:40:28.052955900Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x13fc30
221c.1714: NT Headers: 0xf8
221c.1714: Timestamp: 0x545054ca
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x545054ca
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x13e000 (1302528)
221c.1714: Resource Dir: 0x12e000 LB 0x518
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.17415
221c.1714: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
221c.1714: FileDescription: Windows NT BASE API Client DLL
221c.1714: \SystemRoot\System32\KernelBase.dll:
221c.1714: CreationTime: 2015-09-21T22:06:48.033619700Z
221c.1714: LastWriteTime: 2015-08-07T21:40:29.476583000Z
221c.1714: ChangeTime: 2015-10-14T12:41:09.259707500Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x1150a0
221c.1714: NT Headers: 0xf0
221c.1714: Timestamp: 0x55c4c341
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x55c4c341
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x115000 (1134592)
221c.1714: Resource Dir: 0x110000 LB 0x3530
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.18007
221c.1714: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
221c.1714: FileDescription: Windows NT BASE API Client DLL
221c.1714: \SystemRoot\System32\apisetschema.dll:
221c.1714: CreationTime: 2013-08-22T12:13:09.745625900Z
221c.1714: LastWriteTime: 2013-08-22T12:35:12.091034400Z
221c.1714: ChangeTime: 2015-04-16T21:13:21.194017200Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x11360
221c.1714: NT Headers: 0xd0
221c.1714: Timestamp: 0x52160049
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x52160049
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x13000 (77824)
221c.1714: Resource Dir: 0x11000 LB 0x3f8
221c.1714: ProductName: Microsoft® Windows® Operating System
221c.1714: ProductVersion: 6.3.9600.16384
221c.1714: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
221c.1714: FileDescription: ApiSet Schema DLL
221c.1714: NtOpenDirectoryObject failed on \Driver: 0xc0000022
221c.1714: supR3HardenedWinFindAdversaries: 0x400
221c.1714: \SystemRoot\System32\drivers\MpFilter.sys:
221c.1714: CreationTime: 2015-03-05T00:34:52.000000000Z
221c.1714: LastWriteTime: 2015-03-05T00:34:52.000000000Z
221c.1714: ChangeTime: 2015-08-07T13:26:50.864209200Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x44738
221c.1714: NT Headers: 0xf0
221c.1714: Timestamp: 0x54efb880
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x54efb880
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x44000 (278528)
221c.1714: Resource Dir: 0x42000 LB 0xd50
221c.1714: ProductName: Microsoft Malware Protection
221c.1714: ProductVersion: 4.8.0200.0
221c.1714: FileVersion: 4.8.0200.0
221c.1714: FileDescription: Microsoft antimalware file system filter driver
221c.1714: \SystemRoot\System32\drivers\NisDrvWFP.sys:
221c.1714: CreationTime: 2013-09-10T16:12:50.000000000Z
221c.1714: LastWriteTime: 2015-03-05T00:34:52.000000000Z
221c.1714: ChangeTime: 2015-08-07T13:26:50.604220900Z
221c.1714: FileAttributes: 0x20
221c.1714: Size: 0x1e698
221c.1714: NT Headers: 0xf0
221c.1714: Timestamp: 0x54efb8af
221c.1714: Machine: 0x8664 - amd64
221c.1714: Timestamp: 0x54efb8af
221c.1714: Image Version: 6.3
221c.1714: SizeOfImage: 0x1f000 (126976)
221c.1714: Resource Dir: 0x1c000 LB 0x1b90
221c.1714: ProductName: Microsoft Malware Protection
221c.1714: ProductVersion: 4.8.0200.0
221c.1714: FileVersion: 4.8.0200.0
221c.1714: FileDescription: Microsoft Network Realtime Inspection Driver
221c.1714: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
221c.1714: Calling main()
221c.1714: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
221c.1714: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
221c.1714: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
221c.1714: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
221c.1714: SUPR3HardenedMain: Respawn #2
221c.1714: supR3HardNtEnableThreadCreation:
221c.1714: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff01898ec0 pvNtTerminateThread=00007fff01911700
221c.1714: supR3HardenedWinDoReSpawn(2): New child 1e18.1524 [kernel32].
221c.1714: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
221c.1714: supR3HardNtChildGatherData: PebBaseAddress=00007ff68f23f000 cbPeb=0x388
221c.1714: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff01880000 uNtDllChildAddr=00007fff01880000
221c.1714: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff01898ec0
221c.1714: supR3HardenedWinSetupChildInit: Start child.
221c.1714: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
221c.1714: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 41 sleeps
221c.1714: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
221c.1714: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
221c.1714: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
221c.1714: *0000000000190000-0000000000180fff 0x0002/0x0002 0x0040000
221c.1714: 000000000019f000-000000000019dfff 0x0001/0x0000 0x0000000
221c.1714: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
221c.1714: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
221c.1714: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
221c.1714: *00000000002a0000-000000000029bfff 0x0002/0x0002 0x0040000
221c.1714: 00000000002a4000-0000000000297fff 0x0001/0x0000 0x0000000
221c.1714: *00000000002b0000-00000000002adfff 0x0004/0x0004 0x0020000
221c.1714: 00000000002b2000-00000000002a3fff 0x0001/0x0000 0x0000000
221c.1714: *00000000002c0000-00000000002befff 0x0020/0x0020 0x0020000 !!
221c.1714: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000002c0000 (LB 0x1000, 00000000002c0000 LB 0x1000)
221c.1714: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000002c0000/00000000002c0000 LB 0/0x1000]
221c.1714: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000002c0000 LB 0x7fd20000 s=0x10000 ap=0x0 rp=0x00000000000001
221c.1714: 00000000002c1000-ffffffff805a1fff 0x0001/0x0000 0x0000000
221c.1714: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
221c.1714: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
221c.1714: 000000007fff0000-ffff800a70dcffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f210000-00007ff68f1ecfff 0x0002/0x0002 0x0040000
221c.1714: 00007ff68f233000-00007ff68f228fff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f23d000-00007ff68f23afff 0x0004/0x0004 0x0020000
221c.1714: *00007ff68f23f000-00007ff68f23dfff 0x0004/0x0004 0x0020000
221c.1714: 00007ff68f240000-00007ff68e6cffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68fdb0000-00007ff68fdb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fdb1000-00007ff68fe37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe38000-00007ff68fe38fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe39000-00007ff68fe83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe84000-00007ff68fe84fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe85000-00007ff68fe85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe86000-00007ff68fe8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe8b000-00007ff68fe8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe8c000-00007ff68fe8cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe8d000-00007ff68fe90fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe91000-00007ff68fedbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fedc000-00007fee1e537fff 0x0001/0x0000 0x0000000
221c.1714: *00007fff01880000-00007fff01880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01881000-00007fff019acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019ad000-00007fff019b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019b3000-00007fff019bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c0000-00007fff019c0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c1000-00007fff019c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c4000-00007fff019c4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c5000-00007fff01a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01a2c000-00007ffe03477fff 0x0001/0x0000 0x0000000
221c.1714: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
221c.1714: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
221c.1714: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
221c.1714: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
221c.1714: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x400
221c.1714: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 33 sleeps
221c.1714: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
221c.1714: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
221c.1714: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
221c.1714: *0000000000190000-0000000000180fff 0x0002/0x0002 0x0040000
221c.1714: 000000000019f000-000000000019dfff 0x0001/0x0000 0x0000000
221c.1714: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
221c.1714: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
221c.1714: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
221c.1714: *00000000002a0000-000000000029bfff 0x0002/0x0002 0x0040000
221c.1714: 00000000002a4000-0000000000297fff 0x0001/0x0000 0x0000000
221c.1714: *00000000002b0000-00000000002adfff 0x0004/0x0004 0x0020000
221c.1714: 00000000002b2000-ffffffff80583fff 0x0001/0x0000 0x0000000
221c.1714: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
221c.1714: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
221c.1714: 000000007fff0000-ffff800a70dcffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f210000-00007ff68f1ecfff 0x0002/0x0002 0x0040000
221c.1714: 00007ff68f233000-00007ff68f228fff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68f23d000-00007ff68f23afff 0x0004/0x0004 0x0020000
221c.1714: *00007ff68f23f000-00007ff68f23dfff 0x0004/0x0004 0x0020000
221c.1714: 00007ff68f240000-00007ff68e6cffff 0x0001/0x0000 0x0000000
221c.1714: *00007ff68fdb0000-00007ff68fdb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fdb1000-00007ff68fe37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe38000-00007ff68fe38fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe39000-00007ff68fe83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe84000-00007ff68fe90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fe91000-00007ff68fedbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: 00007ff68fedc000-00007fee1e537fff 0x0001/0x0000 0x0000000
221c.1714: *00007fff01880000-00007fff01880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01881000-00007fff019acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019ad000-00007fff019b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019b3000-00007fff019bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c0000-00007fff019c3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c4000-00007fff019c4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff019c5000-00007fff01a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
221c.1714: 00007fff01a2c000-00007ffe03477fff 0x0001/0x0000 0x0000000
221c.1714: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
221c.1714: supR3HardNtChildPurify: Done after 1124 ms and 1 fixes (loop #1).
1e18.1524: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
1e18.1524: supR3HardenedVmProcessInit: uNtDllAddr=00007fff01880000
1e18.1524: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
1e18.1524: New simple heap: #1 00000000003c0000 LB 0x400000 (for 1753088 allocation)
221c.1714: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b20000 LB 0x400000)
221c.1714: supR3HardNtEnableThreadCreation:
1e18.1524: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1e18.1524: System32: \Device\HarddiskVolume2\Windows\System32
1e18.1524: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1e18.1524: KnownDllPath: C:\Windows\system32
1e18.1524: supR3HardenedVmProcessInit: Opening vboxdrv...
1e18.1524: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1e18.1524: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1e18.1524: Registered Dll notification callback with NTDLL.
1e18.1524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1e18.1524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1e18.1524: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling]
1e18.1524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e18.1524: supR3HardenedDllNotificationCallback: load 00007ffefed30000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1e18.1524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1e18.1524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1e18.1524: supR3HardenedDllNotificationCallback: load 00007ffeff7f0000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
1e18.1524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e18.1524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff7f0000 'C:\Windows\system32\KERNEL32.DLL'
1e18.1524: supR3HardenedDllNotificationCallback: load 00007ff68fdb0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1e18.1524: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e18.1524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e18.1524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
221c.1714: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 109 ms, CloseEvents);
23c0.1b84: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1243 ms, the end);