26dc.8e0: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000024 g_uNtVerCombined=0x611db110 26dc.8e0: \SystemRoot\System32\ntdll.dll: 26dc.8e0: CreationTime: 2014-01-29T19:37:43.928253400Z 26dc.8e0: LastWriteTime: 2013-08-02T02:15:44.087554100Z 26dc.8e0: ChangeTime: 2014-01-29T20:20:44.781466400Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x1a6dc0 26dc.8e0: NT Headers: 0xe0 26dc.8e0: Timestamp: 0x51fb164a 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x51fb164a 26dc.8e0: Image Version: 6.1 26dc.8e0: SizeOfImage: 0x1a9000 (1740800) 26dc.8e0: Resource Dir: 0x151000 LB 0x560d8 26dc.8e0: ProductName: Microsoft® Windows® Operating System 26dc.8e0: ProductVersion: 6.1.7601.18229 26dc.8e0: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 26dc.8e0: FileDescription: NT Layer DLL 26dc.8e0: \SystemRoot\System32\kernel32.dll: 26dc.8e0: CreationTime: 2014-04-16T17:57:48.640715700Z 26dc.8e0: LastWriteTime: 2014-03-04T09:44:00.336000000Z 26dc.8e0: ChangeTime: 2014-04-16T18:28:22.435803400Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x11c000 26dc.8e0: NT Headers: 0xe8 26dc.8e0: Timestamp: 0x5315a059 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x5315a059 26dc.8e0: Image Version: 6.1 26dc.8e0: SizeOfImage: 0x11f000 (1175552) 26dc.8e0: Resource Dir: 0x116000 LB 0x528 26dc.8e0: ProductName: Microsoft® Windows® Operating System 26dc.8e0: ProductVersion: 6.1.7601.18409 26dc.8e0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 26dc.8e0: FileDescription: Windows NT BASE API Client DLL 26dc.8e0: \SystemRoot\System32\KernelBase.dll: 26dc.8e0: CreationTime: 2014-01-29T19:37:45.304028500Z 26dc.8e0: LastWriteTime: 2013-08-02T02:13:34.580000000Z 26dc.8e0: ChangeTime: 2014-01-29T20:20:45.639488400Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x67a00 26dc.8e0: NT Headers: 0xe8 26dc.8e0: Timestamp: 0x51fb1677 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x51fb1677 26dc.8e0: Image Version: 6.1 26dc.8e0: SizeOfImage: 0x6b000 (438272) 26dc.8e0: Resource Dir: 0x69000 LB 0x530 26dc.8e0: ProductName: Microsoft® Windows® Operating System 26dc.8e0: ProductVersion: 6.1.7601.18229 26dc.8e0: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 26dc.8e0: FileDescription: Windows NT BASE API Client DLL 26dc.8e0: \SystemRoot\System32\apisetschema.dll: 26dc.8e0: CreationTime: 2014-01-29T19:37:47.254418500Z 26dc.8e0: LastWriteTime: 2013-08-02T06:20:45.851000000Z 26dc.8e0: ChangeTime: 2014-01-29T20:20:44.625462400Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x1a00 26dc.8e0: NT Headers: 0xc0 26dc.8e0: Timestamp: 0x51fb5005 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x51fb5005 26dc.8e0: Image Version: 6.1 26dc.8e0: SizeOfImage: 0x50000 (327680) 26dc.8e0: Resource Dir: 0x30000 LB 0x3f8 26dc.8e0: ProductName: Microsoft® Windows® Operating System 26dc.8e0: ProductVersion: 6.1.7601.22411 26dc.8e0: FileVersion: 6.1.7601.22411 (win7sp1_ldr.130801-1934) 26dc.8e0: FileDescription: ApiSet Schema DLL 26dc.8e0: Found driver SymNetS (0x2) 26dc.8e0: Found driver SymDS (0x2) 26dc.8e0: Found driver SRTSPX (0x2) 26dc.8e0: Found driver SymEvent (0x2) 26dc.8e0: Found driver SymIRON (0x2) 26dc.8e0: supR3HardenedWinFindAdversaries: 0x2 26dc.8e0: \SystemRoot\System32\drivers\SysPlant.sys: 26dc.8e0: CreationTime: 2014-04-22T20:12:36.053609800Z 26dc.8e0: LastWriteTime: 2014-04-22T20:12:36.069209800Z 26dc.8e0: ChangeTime: 2014-04-22T20:12:36.069209800Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x25ed8 26dc.8e0: NT Headers: 0x100 26dc.8e0: Timestamp: 0x52647ffd 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x52647ffd 26dc.8e0: Image Version: 5.0 26dc.8e0: SizeOfImage: 0x2e000 (188416) 26dc.8e0: Resource Dir: 0x2c000 LB 0x498 26dc.8e0: ProductName: Symantec CMC Firewall 26dc.8e0: ProductVersion: 12.1.4013.4013 26dc.8e0: FileVersion: 12.1.4013.4013 26dc.8e0: FileDescription: Symantec CMC Firewall SysPlant 26dc.8e0: \SystemRoot\System32\sysfer.dll: 26dc.8e0: CreationTime: 2014-04-22T20:12:36.053609800Z 26dc.8e0: LastWriteTime: 2014-04-22T20:12:36.053609800Z 26dc.8e0: ChangeTime: 2014-04-22T20:12:36.053609800Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x70190 26dc.8e0: NT Headers: 0xe8 26dc.8e0: Timestamp: 0x526480b2 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x526480b2 26dc.8e0: Image Version: 0.0 26dc.8e0: SizeOfImage: 0x87000 (552960) 26dc.8e0: Resource Dir: 0x85000 LB 0x630 26dc.8e0: ProductName: Symantec CMC Firewall 26dc.8e0: ProductVersion: 12.1.4013.4013 26dc.8e0: FileVersion: 12.1.4013.4013 26dc.8e0: FileDescription: Symantec CMC Firewall sysfer 26dc.8e0: \SystemRoot\System32\sysferThunk.dll: 26dc.8e0: CreationTime: 2014-04-22T20:12:36.053609800Z 26dc.8e0: LastWriteTime: 2014-04-22T20:12:36.053609800Z 26dc.8e0: ChangeTime: 2014-04-22T20:12:36.053609800Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x2f90 26dc.8e0: NT Headers: 0xd0 26dc.8e0: Timestamp: 0x526480b3 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x526480b3 26dc.8e0: Image Version: 0.0 26dc.8e0: SizeOfImage: 0x8000 (32768) 26dc.8e0: Resource Dir: 0x6000 LB 0x648 26dc.8e0: ProductName: Symantec CMC Firewall 26dc.8e0: ProductVersion: 12.1.4013.4013 26dc.8e0: FileVersion: 12.1.4013.4013 26dc.8e0: FileDescription: Symantec CMC Firewall SysferThunk 26dc.8e0: \SystemRoot\System32\drivers\symevent64x86.sys: 26dc.8e0: CreationTime: 2013-10-09T20:14:44.144924800Z 26dc.8e0: LastWriteTime: 2014-04-22T20:11:05.189614400Z 26dc.8e0: ChangeTime: 2014-04-22T20:11:05.189614400Z 26dc.8e0: FileAttributes: 0x20 26dc.8e0: Size: 0x2b658 26dc.8e0: NT Headers: 0xe8 26dc.8e0: Timestamp: 0x51f32ff2 26dc.8e0: Machine: 0x8664 - amd64 26dc.8e0: Timestamp: 0x51f32ff2 26dc.8e0: Image Version: 6.0 26dc.8e0: SizeOfImage: 0x38000 (229376) 26dc.8e0: Resource Dir: 0x36000 LB 0x3c8 26dc.8e0: ProductName: SYMEVENT 26dc.8e0: ProductVersion: 12.9.5.2 26dc.8e0: FileVersion: 12.9.5.2 26dc.8e0: FileDescription: Symantec Event Library 26dc.8e0: Calling main() 26dc.8e0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 26dc.8e0: SUPR3HardenedMain: Respawn #1 26dc.8e0: System32: \Device\HarddiskVolume1\Windows\System32 26dc.8e0: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 26dc.8e0: KnownDllPath: C:\Windows\system32 26dc.8e0: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports 26dc.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe) 26dc.8e0: supR3HardNtEnableThreadCreation: 26dc.8e0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a8c340 pvNtTerminateThread=0000000077ab17e0 26dc.8e0: supR3HardenedWinDoReSpawn(1): New child 25b8.2844 [kernel32]. 26dc.8e0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 26dc.8e0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077a60000 uNtDllChildAddr=0000000077a60000 26dc.8e0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077a8c340 26dc.8e0: supR3HardenedWinSetupChildInit: Start child. 26dc.8e0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 19 ms. 26dc.8e0: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps 26dc.8e0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 26dc.8e0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 26dc.8e0: *0000000000030000-0000000000027fff 0x0040/0x0040 0x0020000 !! 26dc.8e0: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000030000 (0000000000030000 LB 0x8000) 26dc.8e0: 0000000000038000-000000000002ffff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000 26dc.8e0: 0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000 26dc.8e0: 0000000000051000-0000000000041fff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000060000-000000000005efff 0x0004/0x0004 0x0020000 26dc.8e0: 0000000000061000-0000000000041fff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000080000-fffffffffff83fff 0x0000/0x0004 0x0020000 26dc.8e0: 000000000017c000-0000000000178fff 0x0104/0x0004 0x0020000 26dc.8e0: 000000000017f000-000000000017dfff 0x0004/0x0004 0x0020000 26dc.8e0: 0000000000180000-ffffffff8889ffff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000077a60000-0000000077a5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077a61000-000000007795efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b63000-0000000077b33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b92000-0000000077b89fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b9a000-0000000077b98fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b9b000-0000000077b97fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b9e000-0000000077b32fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077c09000-0000000070831fff 0x0001/0x0000 0x0000000 26dc.8e0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 26dc.8e0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 26dc.8e0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 26dc.8e0: 000000007fff0000-ffffffffc05cffff 0x0001/0x0000 0x0000000 26dc.8e0: *000000013fa10000-000000013fa0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fa11000-000000013f98cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fa95000-000000013fa93fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fa96000-000000013fa58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fad3000-000000013fad1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fad4000-000000013fad2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fad5000-000000013fad2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fad7000-000000013fad5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fad8000-000000013fad6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fad9000-000000013fad4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fadd000-000000013faa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fb16000-fffff8037f8abfff 0x0001/0x0000 0x0000000 26dc.8e0: *000007feffd80000-000007feffd7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll 26dc.8e0: 000007feffd81000-000007fdffb51fff 0x0001/0x0000 0x0000000 26dc.8e0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 26dc.8e0: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000 26dc.8e0: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000 26dc.8e0: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000 26dc.8e0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 26dc.8e0: apisetschema.dll: timestamp 0x51fb5005 (rc=VINF_SUCCESS) 26dc.8e0: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS) 26dc.8e0: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports 26dc.8e0: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports 26dc.8e0: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 26dc.8e0: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0 26dc.8e0: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps 26dc.8e0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 26dc.8e0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 26dc.8e0: 0000000000030000-000000000001ffff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000 26dc.8e0: 0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000 26dc.8e0: 0000000000051000-0000000000041fff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000060000-000000000005efff 0x0004/0x0004 0x0020000 26dc.8e0: 0000000000061000-0000000000041fff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000000080000-fffffffffff83fff 0x0000/0x0004 0x0020000 26dc.8e0: 000000000017c000-0000000000178fff 0x0104/0x0004 0x0020000 26dc.8e0: 000000000017f000-000000000017dfff 0x0004/0x0004 0x0020000 26dc.8e0: 0000000000180000-ffffffff8889ffff 0x0001/0x0000 0x0000000 26dc.8e0: *0000000077a60000-0000000077a5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077a61000-000000007795efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b63000-0000000077b33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b92000-0000000077b89fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b9a000-0000000077b98fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b9b000-0000000077b99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b9c000-0000000077b99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077b9e000-0000000077b32fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 26dc.8e0: 0000000077c09000-0000000070831fff 0x0001/0x0000 0x0000000 26dc.8e0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 26dc.8e0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 26dc.8e0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 26dc.8e0: 000000007fff0000-ffffffffc05cffff 0x0001/0x0000 0x0000000 26dc.8e0: *000000013fa10000-000000013fa0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fa11000-000000013f98cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fa95000-000000013fa93fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fa96000-000000013fa58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fad3000-000000013fac8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fadd000-000000013faa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe 26dc.8e0: 000000013fb16000-fffff8037f8abfff 0x0001/0x0000 0x0000000 26dc.8e0: *000007feffd80000-000007feffd7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll 26dc.8e0: 000007feffd81000-000007fdffb51fff 0x0001/0x0000 0x0000000 26dc.8e0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 26dc.8e0: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000 26dc.8e0: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000 26dc.8e0: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000 26dc.8e0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 26dc.8e0: supR3HardNtChildPurify: Done after 1064 ms and 1 fixes (loop #1). 25b8.2844: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 25b8.2844: supR3HardenedVmProcessInit: uNtDllAddr=0000000077a60000 26dc.8e0: supR3HardNtEnableThreadCreation: 25b8.2844: ntdll.dll: timestamp 0x51fb164a (rc=VINF_SUCCESS) 25b8.2844: New simple heap: #1 0000000000280000 LB 0x400000 (for 1740800 allocation) 25b8.2844: System32: \Device\HarddiskVolume1\Windows\System32 25b8.2844: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 25b8.2844: KnownDllPath: C:\Windows\system32 25b8.2844: supR3HardenedVmProcessInit: Opening vboxdrv stub... 25b8.2844: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 25b8.2844: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 25b8.2844: Registered Dll notification callback with NTDLL. 25b8.2844: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 25b8.2844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 25b8.2844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 25b8.2844: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 25b8.2844: supR3HardenedDllNotificationCallback: load 0000000077360000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 25b8.2844: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 25b8.2844: supR3HardenedDllNotificationCallback: load 000007fefdf70000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 25b8.2844: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 25b8.2844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 25b8.2844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077360000 'C:\Windows\system32\kernel32.dll' 25b8.2844: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a8c340 pvNtTerminateThread=0000000077ab17e0 26dc.8e0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 20 ms. 25b8.2844: \SystemRoot\System32\ntdll.dll: 25b8.2844: CreationTime: 2014-01-29T19:37:43.928253400Z 25b8.2844: LastWriteTime: 2013-08-02T02:15:44.087554100Z 25b8.2844: ChangeTime: 2014-01-29T20:20:44.781466400Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x1a6dc0 25b8.2844: NT Headers: 0xe0 25b8.2844: Timestamp: 0x51fb164a 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x51fb164a 25b8.2844: Image Version: 6.1 25b8.2844: SizeOfImage: 0x1a9000 (1740800) 25b8.2844: Resource Dir: 0x151000 LB 0x560d8 25b8.2844: ProductName: Microsoft® Windows® Operating System 25b8.2844: ProductVersion: 6.1.7601.18229 25b8.2844: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 25b8.2844: FileDescription: NT Layer DLL 25b8.2844: \SystemRoot\System32\kernel32.dll: 25b8.2844: CreationTime: 2014-04-16T17:57:48.640715700Z 25b8.2844: LastWriteTime: 2014-03-04T09:44:00.336000000Z 25b8.2844: ChangeTime: 2014-04-16T18:28:22.435803400Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x11c000 25b8.2844: NT Headers: 0xe8 25b8.2844: Timestamp: 0x5315a059 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x5315a059 25b8.2844: Image Version: 6.1 25b8.2844: SizeOfImage: 0x11f000 (1175552) 25b8.2844: Resource Dir: 0x116000 LB 0x528 25b8.2844: ProductName: Microsoft® Windows® Operating System 25b8.2844: ProductVersion: 6.1.7601.18409 25b8.2844: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 25b8.2844: FileDescription: Windows NT BASE API Client DLL 25b8.2844: \SystemRoot\System32\KernelBase.dll: 25b8.2844: CreationTime: 2014-01-29T19:37:45.304028500Z 25b8.2844: LastWriteTime: 2013-08-02T02:13:34.580000000Z 25b8.2844: ChangeTime: 2014-01-29T20:20:45.639488400Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x67a00 25b8.2844: NT Headers: 0xe8 25b8.2844: Timestamp: 0x51fb1677 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x51fb1677 25b8.2844: Image Version: 6.1 25b8.2844: SizeOfImage: 0x6b000 (438272) 25b8.2844: Resource Dir: 0x69000 LB 0x530 25b8.2844: ProductName: Microsoft® Windows® Operating System 25b8.2844: ProductVersion: 6.1.7601.18229 25b8.2844: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 25b8.2844: FileDescription: Windows NT BASE API Client DLL 25b8.2844: \SystemRoot\System32\apisetschema.dll: 25b8.2844: CreationTime: 2014-01-29T19:37:47.254418500Z 25b8.2844: LastWriteTime: 2013-08-02T06:20:45.851000000Z 25b8.2844: ChangeTime: 2014-01-29T20:20:44.625462400Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x1a00 25b8.2844: NT Headers: 0xc0 25b8.2844: Timestamp: 0x51fb5005 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x51fb5005 25b8.2844: Image Version: 6.1 25b8.2844: SizeOfImage: 0x50000 (327680) 25b8.2844: Resource Dir: 0x30000 LB 0x3f8 25b8.2844: ProductName: Microsoft® Windows® Operating System 25b8.2844: ProductVersion: 6.1.7601.22411 25b8.2844: FileVersion: 6.1.7601.22411 (win7sp1_ldr.130801-1934) 25b8.2844: FileDescription: ApiSet Schema DLL 25b8.2844: Found driver SymNetS (0x2) 25b8.2844: Found driver SymDS (0x2) 25b8.2844: Found driver SRTSPX (0x2) 25b8.2844: Found driver SymEvent (0x2) 25b8.2844: Found driver SymIRON (0x2) 25b8.2844: supR3HardenedWinFindAdversaries: 0x2 25b8.2844: \SystemRoot\System32\drivers\SysPlant.sys: 25b8.2844: CreationTime: 2014-04-22T20:12:36.053609800Z 25b8.2844: LastWriteTime: 2014-04-22T20:12:36.069209800Z 25b8.2844: ChangeTime: 2014-04-22T20:12:36.069209800Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x25ed8 25b8.2844: NT Headers: 0x100 25b8.2844: Timestamp: 0x52647ffd 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x52647ffd 25b8.2844: Image Version: 5.0 25b8.2844: SizeOfImage: 0x2e000 (188416) 25b8.2844: Resource Dir: 0x2c000 LB 0x498 25b8.2844: ProductName: Symantec CMC Firewall 25b8.2844: ProductVersion: 12.1.4013.4013 25b8.2844: FileVersion: 12.1.4013.4013 25b8.2844: FileDescription: Symantec CMC Firewall SysPlant 25b8.2844: \SystemRoot\System32\sysfer.dll: 25b8.2844: CreationTime: 2014-04-22T20:12:36.053609800Z 25b8.2844: LastWriteTime: 2014-04-22T20:12:36.053609800Z 25b8.2844: ChangeTime: 2014-04-22T20:12:36.053609800Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x70190 25b8.2844: NT Headers: 0xe8 25b8.2844: Timestamp: 0x526480b2 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x526480b2 25b8.2844: Image Version: 0.0 25b8.2844: SizeOfImage: 0x87000 (552960) 25b8.2844: Resource Dir: 0x85000 LB 0x630 25b8.2844: ProductName: Symantec CMC Firewall 25b8.2844: ProductVersion: 12.1.4013.4013 25b8.2844: FileVersion: 12.1.4013.4013 25b8.2844: FileDescription: Symantec CMC Firewall sysfer 25b8.2844: \SystemRoot\System32\sysferThunk.dll: 25b8.2844: CreationTime: 2014-04-22T20:12:36.053609800Z 25b8.2844: LastWriteTime: 2014-04-22T20:12:36.053609800Z 25b8.2844: ChangeTime: 2014-04-22T20:12:36.053609800Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x2f90 25b8.2844: NT Headers: 0xd0 25b8.2844: Timestamp: 0x526480b3 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x526480b3 25b8.2844: Image Version: 0.0 25b8.2844: SizeOfImage: 0x8000 (32768) 25b8.2844: Resource Dir: 0x6000 LB 0x648 25b8.2844: ProductName: Symantec CMC Firewall 25b8.2844: ProductVersion: 12.1.4013.4013 25b8.2844: FileVersion: 12.1.4013.4013 25b8.2844: FileDescription: Symantec CMC Firewall SysferThunk 25b8.2844: \SystemRoot\System32\drivers\symevent64x86.sys: 25b8.2844: CreationTime: 2013-10-09T20:14:44.144924800Z 25b8.2844: LastWriteTime: 2014-04-22T20:11:05.189614400Z 25b8.2844: ChangeTime: 2014-04-22T20:11:05.189614400Z 25b8.2844: FileAttributes: 0x20 25b8.2844: Size: 0x2b658 25b8.2844: NT Headers: 0xe8 25b8.2844: Timestamp: 0x51f32ff2 25b8.2844: Machine: 0x8664 - amd64 25b8.2844: Timestamp: 0x51f32ff2 25b8.2844: Image Version: 6.0 25b8.2844: SizeOfImage: 0x38000 (229376) 25b8.2844: Resource Dir: 0x36000 LB 0x3c8 25b8.2844: ProductName: SYMEVENT 25b8.2844: ProductVersion: 12.9.5.2 25b8.2844: FileVersion: 12.9.5.2 25b8.2844: FileDescription: Symantec Event Library 25b8.2844: Calling main() 25b8.2844: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 25b8.2844: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports 25b8.2844: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe) 25b8.2844: SUPR3HardenedMain: Respawn #2 25b8.2844: supR3HardNtEnableThreadCreation: 25b8.2844: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) 25b8.2844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll 25b8.2844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 25b8.2844: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 25b8.2844: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 25b8.2844: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 25b8.2844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd90000 'C:\Windows\system32\apphelp.dll'