798.18b0: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000068 g_uNtVerCombined=0x63258000
798.18b0: \SystemRoot\System32\ntdll.dll:
798.18b0: CreationTime: 2014-11-28T04:31:07.405671300Z
798.18b0: LastWriteTime: 2014-10-29T03:53:30.904424400Z
798.18b0: ChangeTime: 2014-11-28T04:41:35.261168800Z
798.18b0: FileAttributes: 0x20
798.18b0: Size: 0x1a7540
798.18b0: NT Headers: 0xd8
798.18b0: Timestamp: 0x5450559e
798.18b0: Machine: 0x8664 - amd64
798.18b0: Timestamp: 0x5450559e
798.18b0: Image Version: 6.3
798.18b0: SizeOfImage: 0x1ac000 (1753088)
798.18b0: Resource Dir: 0x148000 LB 0x62450
798.18b0: ProductName: Microsoft® Windows® Operating System
798.18b0: ProductVersion: 6.3.9600.17415
798.18b0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
798.18b0: FileDescription: NT Layer DLL
798.18b0: \SystemRoot\System32\kernel32.dll:
798.18b0: CreationTime: 2014-11-28T04:30:58.791776300Z
798.18b0: LastWriteTime: 2014-10-29T04:09:24.572407200Z
798.18b0: ChangeTime: 2014-11-28T04:41:30.807828600Z
798.18b0: FileAttributes: 0x20
798.18b0: Size: 0x13fc30
798.18b0: NT Headers: 0xf8
798.18b0: Timestamp: 0x545054ca
798.18b0: Machine: 0x8664 - amd64
798.18b0: Timestamp: 0x545054ca
798.18b0: Image Version: 6.3
798.18b0: SizeOfImage: 0x13e000 (1302528)
798.18b0: Resource Dir: 0x12e000 LB 0x518
798.18b0: ProductName: Microsoft® Windows® Operating System
798.18b0: ProductVersion: 6.3.9600.17415
798.18b0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
798.18b0: FileDescription: Windows NT BASE API Client DLL
798.18b0: \SystemRoot\System32\KernelBase.dll:
798.18b0: CreationTime: 2014-11-28T04:31:09.697853400Z
798.18b0: LastWriteTime: 2014-10-29T03:55:08.402989600Z
798.18b0: ChangeTime: 2014-11-28T04:40:38.123039200Z
798.18b0: FileAttributes: 0x20
798.18b0: Size: 0x114a90
798.18b0: NT Headers: 0xf0
798.18b0: Timestamp: 0x54505737
798.18b0: Machine: 0x8664 - amd64
798.18b0: Timestamp: 0x54505737
798.18b0: Image Version: 6.3
798.18b0: SizeOfImage: 0x115000 (1134592)
798.18b0: Resource Dir: 0x110000 LB 0x3528
798.18b0: ProductName: Microsoft® Windows® Operating System
798.18b0: ProductVersion: 6.3.9600.17415
798.18b0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
798.18b0: FileDescription: Windows NT BASE API Client DLL
798.18b0: \SystemRoot\System32\apisetschema.dll:
798.18b0: CreationTime: 2013-08-22T12:13:09.745625900Z
798.18b0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
798.18b0: ChangeTime: 2013-10-17T18:22:55.319119800Z
798.18b0: FileAttributes: 0x20
798.18b0: Size: 0x11360
798.18b0: NT Headers: 0xd0
798.18b0: Timestamp: 0x52160049
798.18b0: Machine: 0x8664 - amd64
798.18b0: Timestamp: 0x52160049
798.18b0: Image Version: 6.3
798.18b0: SizeOfImage: 0x13000 (77824)
798.18b0: Resource Dir: 0x11000 LB 0x3f8
798.18b0: ProductName: Microsoft® Windows® Operating System
798.18b0: ProductVersion: 6.3.9600.16384
798.18b0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
798.18b0: FileDescription: ApiSet Schema DLL
798.18b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
798.18b0: supR3HardenedWinFindAdversaries: 0x0
798.18b0: Calling main()
798.18b0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
798.18b0: SUPR3HardenedMain: Respawn #1
798.18b0: System32: \Device\HarddiskVolume6\Windows\System32
798.18b0: WinSxS: \Device\HarddiskVolume6\Windows\WinSxS
798.18b0: KnownDllPath: C:\WINDOWS\system32
798.18b0: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
798.18b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
798.18b0: supR3HardNtEnableThreadCreation:
798.18b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffafbd9a650 pvNtTerminateThread=00007ffafbe11170
798.18b0: supR3HardenedWinDoReSpawn(1): New child 268c.ce0 [kernel32].
798.18b0: supR3HardNtChildGatherData: PebBaseAddress=00007ff7f9bd4000 cbPeb=0x388
798.18b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffafbd80000 uNtDllChildAddr=00007ffafbd80000
798.18b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffafbd9a650
798.18b0: supR3HardenedWinSetupChildInit: Start child.
798.18b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
798.18b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 32 sleeps
798.18b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
798.18b0: *0000000000000000-ffffffffffc3ffff 0x0001/0x0000 0x0000000
798.18b0: *00000000003c0000-000000000039ffff 0x0004/0x0004 0x0020000
798.18b0: *00000000003e0000-00000000003d0fff 0x0002/0x0002 0x0040000
798.18b0: 00000000003ef000-00000000003edfff 0x0001/0x0000 0x0000000
798.18b0: *00000000003f0000-00000000002f3fff 0x0000/0x0004 0x0020000
798.18b0: 00000000004ec000-00000000004e8fff 0x0104/0x0004 0x0020000
798.18b0: 00000000004ef000-00000000004edfff 0x0004/0x0004 0x0020000
798.18b0: *00000000004f0000-00000000004ebfff 0x0002/0x0002 0x0040000
798.18b0: 00000000004f4000-00000000004e7fff 0x0001/0x0000 0x0000000
798.18b0: *0000000000500000-00000000004fdfff 0x0004/0x0004 0x0020000
798.18b0: 0000000000502000-00000000004f3fff 0x0001/0x0000 0x0000000
798.18b0: *0000000000510000-000000000050efff 0x0040/0x0040 0x0020000 !!
798.18b0: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000510000 (0000000000510000 LB 0x1000)
798.18b0: 0000000000511000-ffffffff80a41fff 0x0001/0x0000 0x0000000
798.18b0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
798.18b0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
798.18b0: 000000007fff0000-ffff80090642ffff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7f9bb0000-00007ff7f9b8cfff 0x0002/0x0002 0x0040000
798.18b0: 00007ff7f9bd3000-00007ff7f9bd1fff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7f9bd4000-00007ff7f9bd2fff 0x0004/0x0004 0x0020000
798.18b0: 00007ff7f9bd5000-00007ff7f9bcbfff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7f9bde000-00007ff7f9bdbfff 0x0004/0x0004 0x0020000
798.18b0: 00007ff7f9be0000-00007ff7f8e2ffff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7fa990000-00007ff7fa98efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7fa991000-00007ff7fa90cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa15000-00007ff7faa13fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa16000-00007ff7fa9d8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa53000-00007ff7faa51fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa54000-00007ff7faa52fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa55000-00007ff7faa52fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa57000-00007ff7faa55fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa58000-00007ff7faa56fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa59000-00007ff7faa54fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa5d000-00007ff7faa23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa96000-00007ff4f97abfff 0x0001/0x0000 0x0000000
798.18b0: *00007ffafbd80000-00007ffafbd7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbd81000-00007ffafbc54fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbead000-00007ffafbea6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbeb3000-00007ffafbea5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbec0000-00007ffafbebefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbec1000-00007ffafbebdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbec4000-00007ffafbec2fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbec5000-00007ffafbe5dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbf2c000-00007ff5f7e77fff 0x0001/0x0000 0x0000000
798.18b0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
798.18b0: VirtualBox.exe: timestamp 0x5439147c (rc=VINF_SUCCESS)
798.18b0: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
798.18b0: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
798.18b0: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
798.18b0: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 61 sleeps
798.18b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
798.18b0: *0000000000000000-ffffffffffc3ffff 0x0001/0x0000 0x0000000
798.18b0: *00000000003c0000-000000000039ffff 0x0004/0x0004 0x0020000
798.18b0: *00000000003e0000-00000000003d0fff 0x0002/0x0002 0x0040000
798.18b0: 00000000003ef000-00000000003edfff 0x0001/0x0000 0x0000000
798.18b0: *00000000003f0000-00000000002f3fff 0x0000/0x0004 0x0020000
798.18b0: 00000000004ec000-00000000004e8fff 0x0104/0x0004 0x0020000
798.18b0: 00000000004ef000-00000000004edfff 0x0004/0x0004 0x0020000
798.18b0: *00000000004f0000-00000000004ebfff 0x0002/0x0002 0x0040000
798.18b0: 00000000004f4000-00000000004e7fff 0x0001/0x0000 0x0000000
798.18b0: *0000000000500000-00000000004fdfff 0x0004/0x0004 0x0020000
798.18b0: 0000000000502000-ffffffff80a23fff 0x0001/0x0000 0x0000000
798.18b0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
798.18b0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
798.18b0: 000000007fff0000-ffff80090642ffff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7f9bb0000-00007ff7f9b8cfff 0x0002/0x0002 0x0040000
798.18b0: 00007ff7f9bd3000-00007ff7f9bd1fff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7f9bd4000-00007ff7f9bd2fff 0x0004/0x0004 0x0020000
798.18b0: 00007ff7f9bd5000-00007ff7f9bcbfff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7f9bde000-00007ff7f9bdbfff 0x0004/0x0004 0x0020000
798.18b0: 00007ff7f9be0000-00007ff7f8e2ffff 0x0001/0x0000 0x0000000
798.18b0: *00007ff7fa990000-00007ff7fa98efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7fa991000-00007ff7fa90cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa15000-00007ff7faa13fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa16000-00007ff7fa9d8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa53000-00007ff7faa48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa5d000-00007ff7faa23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: 00007ff7faa96000-00007ff4f97abfff 0x0001/0x0000 0x0000000
798.18b0: *00007ffafbd80000-00007ffafbd7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbd81000-00007ffafbc54fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbead000-00007ffafbea6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbeb3000-00007ffafbea5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbec0000-00007ffafbebbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbec4000-00007ffafbec2fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbec5000-00007ffafbe5dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
798.18b0: 00007ffafbf2c000-00007ff5f7e77fff 0x0001/0x0000 0x0000000
798.18b0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
798.18b0: supR3HardNtChildPurify: Done after 827 ms and 1 fixes (loop #1).
798.18b0: supR3HardNtEnableThreadCreation:
268c.ce0: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
268c.ce0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffafbd80000
268c.ce0: ntdll.dll: timestamp 0x5450559e (rc=VINF_SUCCESS)
268c.ce0: New simple heap: #1 0000000000610000 LB 0x400000 (for 1753088 allocation)
268c.ce0: System32: \Device\HarddiskVolume6\Windows\System32
268c.ce0: WinSxS: \Device\HarddiskVolume6\Windows\WinSxS
268c.ce0: KnownDllPath: C:\WINDOWS\system32
268c.ce0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
268c.ce0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
268c.ce0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
268c.ce0: Registered Dll notification callback with NTDLL.
268c.ce0: supR3HardenedMonitor_LdrLoadDll: 'KERNEL32.DLL' -> 'C:\WINDOWS\system32\KERNEL32.DLL' [rcNt=0xc0150008]
268c.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\kernel32.dll)
268c.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\kernel32.dll
268c.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling]
268c.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
268c.ce0: supR3HardenedDllNotificationCallback: load 00007ffaf8fa0000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
268c.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\KernelBase.dll)
268c.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
268c.ce0: supR3HardenedDllNotificationCallback: load 00007ffafa210000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
268c.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
268c.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafa210000 'C:\WINDOWS\system32\KERNEL32.DLL'
268c.ce0: supR3HardenedDllNotificationCallback: load 00007ff7fa990000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
268c.ce0: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
268c.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
268c.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
798.18b0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 85 ms, CloseEvents);