3908.2bc8: Log file opened: 4.3.20r96997 g_hStartupLog=00000000000000b0 g_uNtVerCombined=0x611db110
3908.2bc8: \SystemRoot\System32\ntdll.dll:
3908.2bc8: CreationTime: 2013-10-09T17:53:24.807072700Z
3908.2bc8: LastWriteTime: 2013-08-29T02:16:35.515578900Z
3908.2bc8: ChangeTime: 2013-10-09T19:37:03.197169100Z
3908.2bc8: FileAttributes: 0x20
3908.2bc8: Size: 0x1a6dc0
3908.2bc8: NT Headers: 0xe0
3908.2bc8: Timestamp: 0x521eaf24
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x521eaf24
3908.2bc8: Image Version: 6.1
3908.2bc8: SizeOfImage: 0x1a9000 (1740800)
3908.2bc8: Resource Dir: 0x151000 LB 0x560d8
3908.2bc8: ProductName: Microsoft® Windows® Operating System
3908.2bc8: ProductVersion: 6.1.7601.18247
3908.2bc8: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
3908.2bc8: FileDescription: NT Layer DLL
3908.2bc8: \SystemRoot\System32\kernel32.dll:
3908.2bc8: CreationTime: 2014-04-09T21:20:11.876561200Z
3908.2bc8: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3908.2bc8: ChangeTime: 2014-04-09T21:26:07.550061000Z
3908.2bc8: FileAttributes: 0x20
3908.2bc8: Size: 0x11c000
3908.2bc8: NT Headers: 0xe8
3908.2bc8: Timestamp: 0x5315a059
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x5315a059
3908.2bc8: Image Version: 6.1
3908.2bc8: SizeOfImage: 0x11f000 (1175552)
3908.2bc8: Resource Dir: 0x116000 LB 0x528
3908.2bc8: ProductName: Microsoft® Windows® Operating System
3908.2bc8: ProductVersion: 6.1.7601.18409
3908.2bc8: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3908.2bc8: FileDescription: Windows NT BASE API Client DLL
3908.2bc8: \SystemRoot\System32\KernelBase.dll:
3908.2bc8: CreationTime: 2014-05-15T16:55:46.477694400Z
3908.2bc8: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3908.2bc8: ChangeTime: 2014-05-15T17:24:41.601840900Z
3908.2bc8: FileAttributes: 0x20
3908.2bc8: Size: 0x67c00
3908.2bc8: NT Headers: 0xe8
3908.2bc8: Timestamp: 0x5315a05a
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x5315a05a
3908.2bc8: Image Version: 6.1
3908.2bc8: SizeOfImage: 0x6c000 (442368)
3908.2bc8: Resource Dir: 0x6a000 LB 0x530
3908.2bc8: ProductName: Microsoft® Windows® Operating System
3908.2bc8: ProductVersion: 6.1.7601.18409
3908.2bc8: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3908.2bc8: FileDescription: Windows NT BASE API Client DLL
3908.2bc8: \SystemRoot\System32\apisetschema.dll:
3908.2bc8: CreationTime: 2013-09-12T21:50:34.732193700Z
3908.2bc8: LastWriteTime: 2013-08-02T02:12:20.275000000Z
3908.2bc8: ChangeTime: 2013-09-12T22:48:54.912208800Z
3908.2bc8: FileAttributes: 0x20
3908.2bc8: Size: 0x1a00
3908.2bc8: NT Headers: 0xc0
3908.2bc8: Timestamp: 0x51fb15ca
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x51fb15ca
3908.2bc8: Image Version: 6.1
3908.2bc8: SizeOfImage: 0x50000 (327680)
3908.2bc8: Resource Dir: 0x30000 LB 0x3f8
3908.2bc8: ProductName: Microsoft® Windows® Operating System
3908.2bc8: ProductVersion: 6.1.7601.18229
3908.2bc8: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
3908.2bc8: FileDescription: ApiSet Schema DLL
3908.2bc8: Found driver SymNetS (0x2)
3908.2bc8: Found driver SymDS (0x2)
3908.2bc8: Found driver SRTSPX (0x2)
3908.2bc8: Found driver SymEvent (0x2)
3908.2bc8: Found driver SymIRON (0x2)
3908.2bc8: supR3HardenedWinFindAdversaries: 0x2
3908.2bc8: \SystemRoot\System32\drivers\SysPlant.sys:
3908.2bc8: CreationTime: 2014-10-03T06:23:25.086408000Z
3908.2bc8: LastWriteTime: 2014-10-03T06:23:25.086408000Z
3908.2bc8: ChangeTime: 2014-10-03T06:23:25.086408000Z
3908.2bc8: FileAttributes: 0x2020
3908.2bc8: Size: 0x25938
3908.2bc8: NT Headers: 0x100
3908.2bc8: Timestamp: 0x532a1a8f
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x532a1a8f
3908.2bc8: Image Version: 5.0
3908.2bc8: SizeOfImage: 0x2c000 (180224)
3908.2bc8: Resource Dir: 0x2a000 LB 0x498
3908.2bc8: ProductName: Symantec CMC Firewall
3908.2bc8: ProductVersion: 12.1.4100.4126
3908.2bc8: FileVersion: 12.1.4100.4126
3908.2bc8: FileDescription: Symantec CMC Firewall SysPlant
3908.2bc8: \SystemRoot\System32\sysfer.dll:
3908.2bc8: CreationTime: 2014-10-03T06:23:25.070808000Z
3908.2bc8: LastWriteTime: 2014-10-03T06:23:25.070808000Z
3908.2bc8: ChangeTime: 2014-10-03T06:23:25.070808000Z
3908.2bc8: FileAttributes: 0x2020
3908.2bc8: Size: 0x70d70
3908.2bc8: NT Headers: 0xe8
3908.2bc8: Timestamp: 0x532a1b1f
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x532a1b1f
3908.2bc8: Image Version: 0.0
3908.2bc8: SizeOfImage: 0x88000 (557056)
3908.2bc8: Resource Dir: 0x86000 LB 0x630
3908.2bc8: ProductName: Symantec CMC Firewall
3908.2bc8: ProductVersion: 12.1.4100.4126
3908.2bc8: FileVersion: 12.1.4100.4126
3908.2bc8: FileDescription: Symantec CMC Firewall sysfer
3908.2bc8: \SystemRoot\System32\sysferThunk.dll:
3908.2bc8: CreationTime: 2014-10-03T06:23:25.070808000Z
3908.2bc8: LastWriteTime: 2014-10-03T06:23:25.070808000Z
3908.2bc8: ChangeTime: 2014-10-03T06:23:25.070808000Z
3908.2bc8: FileAttributes: 0x2020
3908.2bc8: Size: 0x3170
3908.2bc8: NT Headers: 0xd0
3908.2bc8: Timestamp: 0x532a1b20
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x532a1b20
3908.2bc8: Image Version: 0.0
3908.2bc8: SizeOfImage: 0x8000 (32768)
3908.2bc8: Resource Dir: 0x6000 LB 0x648
3908.2bc8: ProductName: Symantec CMC Firewall
3908.2bc8: ProductVersion: 12.1.4100.4126
3908.2bc8: FileVersion: 12.1.4100.4126
3908.2bc8: FileDescription: Symantec CMC Firewall SysferThunk
3908.2bc8: \SystemRoot\System32\drivers\symevent64x86.sys:
3908.2bc8: CreationTime: 2013-04-11T23:36:40.229638700Z
3908.2bc8: LastWriteTime: 2014-09-25T22:02:02.688764300Z
3908.2bc8: ChangeTime: 2014-09-25T22:02:02.688764300Z
3908.2bc8: FileAttributes: 0x2020
3908.2bc8: Size: 0x2b658
3908.2bc8: NT Headers: 0xe8
3908.2bc8: Timestamp: 0x51f32ff2
3908.2bc8: Machine: 0x8664 - amd64
3908.2bc8: Timestamp: 0x51f32ff2
3908.2bc8: Image Version: 6.0
3908.2bc8: SizeOfImage: 0x38000 (229376)
3908.2bc8: Resource Dir: 0x36000 LB 0x3c8
3908.2bc8: ProductName: SYMEVENT
3908.2bc8: ProductVersion: 12.9.5.2
3908.2bc8: FileVersion: 12.9.5.2
3908.2bc8: FileDescription: Symantec Event Library
3908.2bc8: Calling main()
3908.2bc8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3908.2bc8: SUPR3HardenedMain: Respawn #1
3908.2bc8: System32: \Device\HarddiskVolume2\Windows\System32
3908.2bc8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3908.2bc8: KnownDllPath: C:\windows\system32
3908.2bc8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3908.2bc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3908.2bc8: supR3HardNtEnableThreadCreation:
3908.2bc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779cc340 pvNtTerminateThread=00000000779f17e0
3908.2bc8: supR3HardenedWinDoReSpawn(1): New child 2dec.2d40 [kernel32].
3908.2bc8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
3908.2bc8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000779a0000 uNtDllChildAddr=00000000779a0000
3908.2bc8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779cc340
3908.2bc8: supR3HardenedWinSetupChildInit: Start child.
3908.2bc8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3908.2bc8: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 52 sleeps
3908.2bc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3908.2bc8: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
3908.2bc8: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
3908.2bc8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3908.2bc8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3908.2bc8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3908.2bc8: supR3HardNtChildPurify: Done after 537 ms and 0 fixes (loop #0).
3908.2bc8: supR3HardNtEnableThreadCreation:
2dec.2d40: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
2dec.2d40: supR3HardenedVmProcessInit: uNtDllAddr=00000000779a0000
2dec.2d40: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
2dec.2d40: New simple heap: #1 0000000000350000 LB 0x400000 (for 1740800 allocation)
2dec.2d40: System32: \Device\HarddiskVolume2\Windows\System32
2dec.2d40: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2dec.2d40: KnownDllPath: C:\windows\system32
2dec.2d40: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2dec.2d40: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2dec.2d40: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2dec.2d40: Registered Dll notification callback with NTDLL.
2dec.2d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2dec.2d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2dec.2d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
2dec.2d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2dec.2d40: supR3HardenedDllNotificationCallback: load 0000000077780000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
2dec.2d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2dec.2d40: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0006c000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
2dec.2d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2dec.2d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2dec.2d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077780000 'C:\windows\system32\kernel32.dll'
2dec.2d40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779cc340 pvNtTerminateThread=00000000779f17e0
3908.2bc8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 40 ms.
2dec.2d40: \SystemRoot\System32\ntdll.dll:
2dec.2d40: CreationTime: 2013-10-09T17:53:24.807072700Z
2dec.2d40: LastWriteTime: 2013-08-29T02:16:35.515578900Z
2dec.2d40: ChangeTime: 2013-10-09T19:37:03.197169100Z
2dec.2d40: FileAttributes: 0x20
2dec.2d40: Size: 0x1a6dc0
2dec.2d40: NT Headers: 0xe0
2dec.2d40: Timestamp: 0x521eaf24
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x521eaf24
2dec.2d40: Image Version: 6.1
2dec.2d40: SizeOfImage: 0x1a9000 (1740800)
2dec.2d40: Resource Dir: 0x151000 LB 0x560d8
2dec.2d40: ProductName: Microsoft® Windows® Operating System
2dec.2d40: ProductVersion: 6.1.7601.18247
2dec.2d40: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
2dec.2d40: FileDescription: NT Layer DLL
2dec.2d40: \SystemRoot\System32\kernel32.dll:
2dec.2d40: CreationTime: 2014-04-09T21:20:11.876561200Z
2dec.2d40: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2dec.2d40: ChangeTime: 2014-04-09T21:26:07.550061000Z
2dec.2d40: FileAttributes: 0x20
2dec.2d40: Size: 0x11c000
2dec.2d40: NT Headers: 0xe8
2dec.2d40: Timestamp: 0x5315a059
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x5315a059
2dec.2d40: Image Version: 6.1
2dec.2d40: SizeOfImage: 0x11f000 (1175552)
2dec.2d40: Resource Dir: 0x116000 LB 0x528
2dec.2d40: ProductName: Microsoft® Windows® Operating System
2dec.2d40: ProductVersion: 6.1.7601.18409
2dec.2d40: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
2dec.2d40: FileDescription: Windows NT BASE API Client DLL
2dec.2d40: \SystemRoot\System32\KernelBase.dll:
2dec.2d40: CreationTime: 2014-05-15T16:55:46.477694400Z
2dec.2d40: LastWriteTime: 2014-03-04T09:44:00.336000000Z
2dec.2d40: ChangeTime: 2014-05-15T17:24:41.601840900Z
2dec.2d40: FileAttributes: 0x20
2dec.2d40: Size: 0x67c00
2dec.2d40: NT Headers: 0xe8
2dec.2d40: Timestamp: 0x5315a05a
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x5315a05a
2dec.2d40: Image Version: 6.1
2dec.2d40: SizeOfImage: 0x6c000 (442368)
2dec.2d40: Resource Dir: 0x6a000 LB 0x530
2dec.2d40: ProductName: Microsoft® Windows® Operating System
2dec.2d40: ProductVersion: 6.1.7601.18409
2dec.2d40: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
2dec.2d40: FileDescription: Windows NT BASE API Client DLL
2dec.2d40: \SystemRoot\System32\apisetschema.dll:
2dec.2d40: CreationTime: 2013-09-12T21:50:34.732193700Z
2dec.2d40: LastWriteTime: 2013-08-02T02:12:20.275000000Z
2dec.2d40: ChangeTime: 2013-09-12T22:48:54.912208800Z
2dec.2d40: FileAttributes: 0x20
2dec.2d40: Size: 0x1a00
2dec.2d40: NT Headers: 0xc0
2dec.2d40: Timestamp: 0x51fb15ca
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x51fb15ca
2dec.2d40: Image Version: 6.1
2dec.2d40: SizeOfImage: 0x50000 (327680)
2dec.2d40: Resource Dir: 0x30000 LB 0x3f8
2dec.2d40: ProductName: Microsoft® Windows® Operating System
2dec.2d40: ProductVersion: 6.1.7601.18229
2dec.2d40: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
2dec.2d40: FileDescription: ApiSet Schema DLL
2dec.2d40: Found driver SymNetS (0x2)
2dec.2d40: Found driver SymDS (0x2)
2dec.2d40: Found driver SRTSPX (0x2)
2dec.2d40: Found driver SymEvent (0x2)
2dec.2d40: Found driver SymIRON (0x2)
2dec.2d40: supR3HardenedWinFindAdversaries: 0x2
2dec.2d40: \SystemRoot\System32\drivers\SysPlant.sys:
2dec.2d40: CreationTime: 2014-10-03T06:23:25.086408000Z
2dec.2d40: LastWriteTime: 2014-10-03T06:23:25.086408000Z
2dec.2d40: ChangeTime: 2014-10-03T06:23:25.086408000Z
2dec.2d40: FileAttributes: 0x2020
2dec.2d40: Size: 0x25938
2dec.2d40: NT Headers: 0x100
2dec.2d40: Timestamp: 0x532a1a8f
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x532a1a8f
2dec.2d40: Image Version: 5.0
2dec.2d40: SizeOfImage: 0x2c000 (180224)
2dec.2d40: Resource Dir: 0x2a000 LB 0x498
2dec.2d40: ProductName: Symantec CMC Firewall
2dec.2d40: ProductVersion: 12.1.4100.4126
2dec.2d40: FileVersion: 12.1.4100.4126
2dec.2d40: FileDescription: Symantec CMC Firewall SysPlant
2dec.2d40: \SystemRoot\System32\sysfer.dll:
2dec.2d40: CreationTime: 2014-10-03T06:23:25.070808000Z
2dec.2d40: LastWriteTime: 2014-10-03T06:23:25.070808000Z
2dec.2d40: ChangeTime: 2014-10-03T06:23:25.070808000Z
2dec.2d40: FileAttributes: 0x2020
2dec.2d40: Size: 0x70d70
2dec.2d40: NT Headers: 0xe8
2dec.2d40: Timestamp: 0x532a1b1f
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x532a1b1f
2dec.2d40: Image Version: 0.0
2dec.2d40: SizeOfImage: 0x88000 (557056)
2dec.2d40: Resource Dir: 0x86000 LB 0x630
2dec.2d40: ProductName: Symantec CMC Firewall
2dec.2d40: ProductVersion: 12.1.4100.4126
2dec.2d40: FileVersion: 12.1.4100.4126
2dec.2d40: FileDescription: Symantec CMC Firewall sysfer
2dec.2d40: \SystemRoot\System32\sysferThunk.dll:
2dec.2d40: CreationTime: 2014-10-03T06:23:25.070808000Z
2dec.2d40: LastWriteTime: 2014-10-03T06:23:25.070808000Z
2dec.2d40: ChangeTime: 2014-10-03T06:23:25.070808000Z
2dec.2d40: FileAttributes: 0x2020
2dec.2d40: Size: 0x3170
2dec.2d40: NT Headers: 0xd0
2dec.2d40: Timestamp: 0x532a1b20
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x532a1b20
2dec.2d40: Image Version: 0.0
2dec.2d40: SizeOfImage: 0x8000 (32768)
2dec.2d40: Resource Dir: 0x6000 LB 0x648
2dec.2d40: ProductName: Symantec CMC Firewall
2dec.2d40: ProductVersion: 12.1.4100.4126
2dec.2d40: FileVersion: 12.1.4100.4126
2dec.2d40: FileDescription: Symantec CMC Firewall SysferThunk
2dec.2d40: \SystemRoot\System32\drivers\symevent64x86.sys:
2dec.2d40: CreationTime: 2013-04-11T23:36:40.229638700Z
2dec.2d40: LastWriteTime: 2014-09-25T22:02:02.688764300Z
2dec.2d40: ChangeTime: 2014-09-25T22:02:02.688764300Z
2dec.2d40: FileAttributes: 0x2020
2dec.2d40: Size: 0x2b658
2dec.2d40: NT Headers: 0xe8
2dec.2d40: Timestamp: 0x51f32ff2
2dec.2d40: Machine: 0x8664 - amd64
2dec.2d40: Timestamp: 0x51f32ff2
2dec.2d40: Image Version: 6.0
2dec.2d40: SizeOfImage: 0x38000 (229376)
2dec.2d40: Resource Dir: 0x36000 LB 0x3c8
2dec.2d40: ProductName: SYMEVENT
2dec.2d40: ProductVersion: 12.9.5.2
2dec.2d40: FileVersion: 12.9.5.2
2dec.2d40: FileDescription: Symantec Event Library
2dec.2d40: Calling main()
2dec.2d40: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2dec.2d40: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2dec.2d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2dec.2d40: SUPR3HardenedMain: Respawn #2
2dec.2d40: supR3HardNtEnableThreadCreation:
2dec.2d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2dec.2d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2dec.2d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
2dec.2d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2dec.2d40: supR3HardenedDllNotificationCallback: load 000007fefd5a0000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
2dec.2d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2dec.2d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\windows\system32\apphelp.dll'