b90.1a60: Log file opened: 4.3.20r96997 g_hStartupLog=00000000000000fc g_uNtVerCombined=0x611db110 b90.1a60: \SystemRoot\System32\ntdll.dll: b90.1a60: CreationTime: 2013-10-11T23:24:43.882378100Z b90.1a60: LastWriteTime: 2013-08-29T02:21:43.800548200Z b90.1a60: ChangeTime: 2013-10-12T03:48:06.735171200Z b90.1a60: FileAttributes: 0x20 b90.1a60: Size: 0x1a83d8 b90.1a60: NT Headers: 0xe0 b90.1a60: Timestamp: 0x521eb03f b90.1a60: Machine: 0x8664 - amd64 b90.1a60: Timestamp: 0x521eb03f b90.1a60: Image Version: 6.1 b90.1a60: SizeOfImage: 0x1aa000 (1744896) b90.1a60: Resource Dir: 0x152000 LB 0x560d8 b90.1a60: ProductName: Microsoft® Windows® Operating System b90.1a60: ProductVersion: 6.1.7601.22436 b90.1a60: FileVersion: 6.1.7601.22436 (win7sp1_ldr.130828-1532) b90.1a60: FileDescription: NT Layer DLL b90.1a60: \SystemRoot\System32\kernel32.dll: b90.1a60: CreationTime: 2014-04-22T20:27:26.301334700Z b90.1a60: LastWriteTime: 2014-03-04T09:44:00.336000000Z b90.1a60: ChangeTime: 2014-04-22T23:49:45.884534200Z b90.1a60: FileAttributes: 0x20 b90.1a60: Size: 0x11c000 b90.1a60: NT Headers: 0xe8 b90.1a60: Timestamp: 0x5315a059 b90.1a60: Machine: 0x8664 - amd64 b90.1a60: Timestamp: 0x5315a059 b90.1a60: Image Version: 6.1 b90.1a60: SizeOfImage: 0x11f000 (1175552) b90.1a60: Resource Dir: 0x116000 LB 0x528 b90.1a60: ProductName: Microsoft® Windows® Operating System b90.1a60: ProductVersion: 6.1.7601.18409 b90.1a60: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) b90.1a60: FileDescription: Windows NT BASE API Client DLL b90.1a60: \SystemRoot\System32\KernelBase.dll: b90.1a60: CreationTime: 2014-05-16T18:03:18.538638200Z b90.1a60: LastWriteTime: 2014-03-04T09:44:00.336000000Z b90.1a60: ChangeTime: 2014-05-16T22:13:41.537038200Z b90.1a60: FileAttributes: 0x20 b90.1a60: Size: 0x67c00 b90.1a60: NT Headers: 0xe8 b90.1a60: Timestamp: 0x5315a05a b90.1a60: Machine: 0x8664 - amd64 b90.1a60: Timestamp: 0x5315a05a b90.1a60: Image Version: 6.1 b90.1a60: SizeOfImage: 0x6c000 (442368) 
b90.1a60: Resource Dir: 0x6a000 LB 0x530 b90.1a60: ProductName: Microsoft® Windows® Operating System b90.1a60: ProductVersion: 6.1.7601.18409 b90.1a60: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) b90.1a60: FileDescription: Windows NT BASE API Client DLL b90.1a60: \SystemRoot\System32\apisetschema.dll: b90.1a60: CreationTime: 2014-05-16T18:03:24.387138200Z b90.1a60: LastWriteTime: 2014-04-12T02:28:22.719000000Z b90.1a60: ChangeTime: 2014-05-16T22:13:41.240638200Z b90.1a60: FileAttributes: 0x20 b90.1a60: Size: 0x1a00 b90.1a60: NT Headers: 0xc0 b90.1a60: Timestamp: 0x5348a50b b90.1a60: Machine: 0x8664 - amd64 b90.1a60: Timestamp: 0x5348a50b b90.1a60: Image Version: 6.1 b90.1a60: SizeOfImage: 0x50000 (327680) b90.1a60: Resource Dir: 0x30000 LB 0x3f8 b90.1a60: ProductName: Microsoft® Windows® Operating System b90.1a60: ProductVersion: 6.1.7601.22653 b90.1a60: FileVersion: 6.1.7601.22653 (win7sp1_ldr.140411-1533) b90.1a60: FileDescription: ApiSet Schema DLL b90.1a60: NtOpenDirectoryObject failed on \Driver: 0xc0000022 b90.1a60: supR3HardenedWinFindAdversaries: 0x400 b90.1a60: \SystemRoot\System32\drivers\MpFilter.sys: b90.1a60: CreationTime: 2014-07-17T16:05:06.000000000Z b90.1a60: LastWriteTime: 2014-07-17T16:05:06.000000000Z b90.1a60: ChangeTime: 2014-10-22T13:04:59.820803700Z b90.1a60: FileAttributes: 0x20 b90.1a60: Size: 0x41ad0 b90.1a60: NT Headers: 0xf0 b90.1a60: Timestamp: 0x53bdfdba b90.1a60: Machine: 0x8664 - amd64 b90.1a60: Timestamp: 0x53bdfdba b90.1a60: Image Version: 6.3 b90.1a60: SizeOfImage: 0x42000 (270336) b90.1a60: Resource Dir: 0x40000 LB 0xd50 b90.1a60: ProductName: Microsoft Malware Protection b90.1a60: ProductVersion: 4.6.0300.0 b90.1a60: FileVersion: 4.6.0300.0 b90.1a60: FileDescription: Microsoft antimalware file system filter driver b90.1a60: \SystemRoot\System32\drivers\NisDrvWFP.sys: b90.1a60: CreationTime: 2010-10-24T19:25:38.000000000Z b90.1a60: LastWriteTime: 2014-07-17T16:05:06.000000000Z b90.1a60: ChangeTime: 
2014-10-22T13:04:58.903636900Z b90.1a60: FileAttributes: 0x20 b90.1a60: Size: 0x1ea90 b90.1a60: NT Headers: 0xe0 b90.1a60: Timestamp: 0x53bdfde3 b90.1a60: Machine: 0x8664 - amd64 b90.1a60: Timestamp: 0x53bdfde3 b90.1a60: Image Version: 6.3 b90.1a60: SizeOfImage: 0x1f000 (126976) b90.1a60: Resource Dir: 0x1c000 LB 0x1b90 b90.1a60: ProductName: Microsoft Malware Protection b90.1a60: ProductVersion: 4.6.0300.0 b90.1a60: FileVersion: 4.6.0300.0 b90.1a60: FileDescription: Microsoft Network Realtime Inspection Driver b90.1a60: Calling main() b90.1a60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 b90.1a60: SUPR3HardenedMain: Respawn #1 b90.1a60: System32: \Device\HarddiskVolume1\Windows\System32 b90.1a60: WinSxS: \Device\HarddiskVolume1\Windows\winsxs b90.1a60: KnownDllPath: C:\Windows\system32 b90.1a60: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports b90.1a60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe) b90.1a60: supR3HardNtEnableThreadCreation: b90.1a60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0 b90.1a60: supR3HardenedWinDoReSpawn(1): New child 8ec.1b00 [kernel32]. b90.1a60: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 b90.1a60: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b40000 uNtDllChildAddr=0000000077b40000 b90.1a60: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b6b800 b90.1a60: supR3HardenedWinSetupChildInit: Start child. b90.1a60: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
b90.1a60: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 62 sleeps b90.1a60: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 
b90.1a60: apisetschema.dll: timestamp 0x5348a50b (rc=VINF_SUCCESS) b90.1a60: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS) b90.1a60: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports b90.1a60: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports b90.1a60: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports b90.1a60: supR3HardNtChildPurify: Done after 536 ms and 0 fixes (loop #0). b90.1a60: supR3HardNtEnableThreadCreation: 8ec.1b00: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 8ec.1b00: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b40000 8ec.1b00: ntdll.dll: timestamp 0x521eb03f (rc=VINF_SUCCESS) 8ec.1b00: New simple heap: #1 0000000000330000 LB 0x400000 (for 1744896 allocation) 8ec.1b00: System32: \Device\HarddiskVolume1\Windows\System32 8ec.1b00: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 8ec.1b00: KnownDllPath: C:\Windows\system32 8ec.1b00: supR3HardenedVmProcessInit: Opening vboxdrv stub... 8ec.1b00: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 8ec.1b00: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 8ec.1b00: Registered Dll notification callback with NTDLL. 
8ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 8ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 8ec.1b00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 8ec.1b00: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedDllNotificationCallback: load 0000000077a20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 8ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 8ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 8ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 8ec.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a20000 'C:\Windows\system32\kernel32.dll' 8ec.1b00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0 8ec.1b00: \SystemRoot\System32\ntdll.dll: 8ec.1b00: CreationTime: 2013-10-11T23:24:43.882378100Z 8ec.1b00: LastWriteTime: 2013-08-29T02:21:43.800548200Z 8ec.1b00: ChangeTime: 2013-10-12T03:48:06.735171200Z 8ec.1b00: FileAttributes: 0x20 8ec.1b00: Size: 0x1a83d8 8ec.1b00: NT Headers: 0xe0 8ec.1b00: Timestamp: 0x521eb03f 8ec.1b00: Machine: 0x8664 - amd64 8ec.1b00: Timestamp: 0x521eb03f 8ec.1b00: Image Version: 6.1 8ec.1b00: SizeOfImage: 0x1aa000 (1744896) 8ec.1b00: Resource Dir: 0x152000 LB 0x560d8 8ec.1b00: ProductName: Microsoft® Windows® 
Operating System 8ec.1b00: ProductVersion: 6.1.7601.22436 8ec.1b00: FileVersion: 6.1.7601.22436 (win7sp1_ldr.130828-1532) 8ec.1b00: FileDescription: NT Layer DLL b90.1a60: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 152 ms. 8ec.1b00: \SystemRoot\System32\kernel32.dll: 8ec.1b00: CreationTime: 2014-04-22T20:27:26.301334700Z 8ec.1b00: LastWriteTime: 2014-03-04T09:44:00.336000000Z 8ec.1b00: ChangeTime: 2014-04-22T23:49:45.884534200Z 8ec.1b00: FileAttributes: 0x20 8ec.1b00: Size: 0x11c000 8ec.1b00: NT Headers: 0xe8 8ec.1b00: Timestamp: 0x5315a059 8ec.1b00: Machine: 0x8664 - amd64 8ec.1b00: Timestamp: 0x5315a059 8ec.1b00: Image Version: 6.1 8ec.1b00: SizeOfImage: 0x11f000 (1175552) 8ec.1b00: Resource Dir: 0x116000 LB 0x528 8ec.1b00: ProductName: Microsoft® Windows® Operating System 8ec.1b00: ProductVersion: 6.1.7601.18409 8ec.1b00: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 8ec.1b00: FileDescription: Windows NT BASE API Client DLL 8ec.1b00: \SystemRoot\System32\KernelBase.dll: 8ec.1b00: CreationTime: 2014-05-16T18:03:18.538638200Z 8ec.1b00: LastWriteTime: 2014-03-04T09:44:00.336000000Z 8ec.1b00: ChangeTime: 2014-05-16T22:13:41.537038200Z 8ec.1b00: FileAttributes: 0x20 8ec.1b00: Size: 0x67c00 8ec.1b00: NT Headers: 0xe8 8ec.1b00: Timestamp: 0x5315a05a 8ec.1b00: Machine: 0x8664 - amd64 8ec.1b00: Timestamp: 0x5315a05a 8ec.1b00: Image Version: 6.1 8ec.1b00: SizeOfImage: 0x6c000 (442368) 8ec.1b00: Resource Dir: 0x6a000 LB 0x530 8ec.1b00: ProductName: Microsoft® Windows® Operating System 8ec.1b00: ProductVersion: 6.1.7601.18409 8ec.1b00: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 8ec.1b00: FileDescription: Windows NT BASE API Client DLL 8ec.1b00: \SystemRoot\System32\apisetschema.dll: 8ec.1b00: CreationTime: 2014-05-16T18:03:24.387138200Z 8ec.1b00: LastWriteTime: 2014-04-12T02:28:22.719000000Z 8ec.1b00: ChangeTime: 2014-05-16T22:13:41.240638200Z 8ec.1b00: FileAttributes: 0x20 8ec.1b00: Size: 0x1a00 8ec.1b00: NT Headers: 0xc0 
8ec.1b00: Timestamp: 0x5348a50b 8ec.1b00: Machine: 0x8664 - amd64 8ec.1b00: Timestamp: 0x5348a50b 8ec.1b00: Image Version: 6.1 8ec.1b00: SizeOfImage: 0x50000 (327680) 8ec.1b00: Resource Dir: 0x30000 LB 0x3f8 8ec.1b00: ProductName: Microsoft® Windows® Operating System 8ec.1b00: ProductVersion: 6.1.7601.22653 8ec.1b00: FileVersion: 6.1.7601.22653 (win7sp1_ldr.140411-1533) 8ec.1b00: FileDescription: ApiSet Schema DLL 8ec.1b00: NtOpenDirectoryObject failed on \Driver: 0xc0000022 8ec.1b00: supR3HardenedWinFindAdversaries: 0x400 8ec.1b00: \SystemRoot\System32\drivers\MpFilter.sys: 8ec.1b00: CreationTime: 2014-07-17T16:05:06.000000000Z 8ec.1b00: LastWriteTime: 2014-07-17T16:05:06.000000000Z 8ec.1b00: ChangeTime: 2014-10-22T13:04:59.820803700Z 8ec.1b00: FileAttributes: 0x20 8ec.1b00: Size: 0x41ad0 8ec.1b00: NT Headers: 0xf0 8ec.1b00: Timestamp: 0x53bdfdba 8ec.1b00: Machine: 0x8664 - amd64 8ec.1b00: Timestamp: 0x53bdfdba 8ec.1b00: Image Version: 6.3 8ec.1b00: SizeOfImage: 0x42000 (270336) 8ec.1b00: Resource Dir: 0x40000 LB 0xd50 8ec.1b00: ProductName: Microsoft Malware Protection 8ec.1b00: ProductVersion: 4.6.0300.0 8ec.1b00: FileVersion: 4.6.0300.0 8ec.1b00: FileDescription: Microsoft antimalware file system filter driver 8ec.1b00: \SystemRoot\System32\drivers\NisDrvWFP.sys: 8ec.1b00: CreationTime: 2010-10-24T19:25:38.000000000Z 8ec.1b00: LastWriteTime: 2014-07-17T16:05:06.000000000Z 8ec.1b00: ChangeTime: 2014-10-22T13:04:58.903636900Z 8ec.1b00: FileAttributes: 0x20 8ec.1b00: Size: 0x1ea90 8ec.1b00: NT Headers: 0xe0 8ec.1b00: Timestamp: 0x53bdfde3 8ec.1b00: Machine: 0x8664 - amd64 8ec.1b00: Timestamp: 0x53bdfde3 8ec.1b00: Image Version: 6.3 8ec.1b00: SizeOfImage: 0x1f000 (126976) 8ec.1b00: Resource Dir: 0x1c000 LB 0x1b90 8ec.1b00: ProductName: Microsoft Malware Protection 8ec.1b00: ProductVersion: 4.6.0300.0 8ec.1b00: FileVersion: 4.6.0300.0 8ec.1b00: FileDescription: Microsoft Network Realtime Inspection Driver 8ec.1b00: Calling main() 8ec.1b00: SUPR3HardenedMain: 
pszProgName=VirtualBox fFlags=0x2 8ec.1b00: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports 8ec.1b00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe) 8ec.1b00: SUPR3HardenedMain: Respawn #2 8ec.1b00: supR3HardNtEnableThreadCreation: 8ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 8ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 8ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) 8ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll 8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 8ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 8ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 8ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 8ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 8ec.1b00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000: [calling] 8ec.1b00: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x000db000 C:\Windows\system32\ADVAPI32.DLL [fFlags=0x0] 8ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 8ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 8ec.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 
8ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) 8ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll 8ec.1b00: supR3HardenedDllNotificationCallback: load 000007feff920000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] 8ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedDllNotificationCallback: load 000007feffb30000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 8ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.DLL' 8ec.1b00: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) 8ec.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll 8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 8ec.1b00: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
8ec.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 8ec.1b00: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 8ec.1b00: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 8ec.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 8ec.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\apphelp.dll' 8ec.1b00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0 8ec.1b00: supR3HardenedWinDoReSpawn(2): New child 1c40.1db4 [kernel32]. 8ec.1b00: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380 8ec.1b00: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b40000 uNtDllChildAddr=0000000077b40000 8ec.1b00: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b6b800 8ec.1b00: supR3HardenedWinSetupChildInit: Start child. 8ec.1b00: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
8ec.1b00: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps 8ec.1b00: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 
8ec.1b00: apisetschema.dll: timestamp 0x5348a50b (rc=VINF_SUCCESS) 8ec.1b00: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS) 8ec.1b00: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports 8ec.1b00: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports 8ec.1b00: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 8ec.1b00: supR3HardNtChildPurify: Done after 556 ms and 0 fixes (loop #0). 8ec.1b00: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000330000 LB 0x400000) 8ec.1b00: supR3HardNtEnableThreadCreation: 1c40.1db4: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 1c40.1db4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b40000 1c40.1db4: ntdll.dll: timestamp 0x521eb03f (rc=VINF_SUCCESS) 1c40.1db4: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation) 1c40.1db4: System32: \Device\HarddiskVolume1\Windows\System32 1c40.1db4: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 1c40.1db4: KnownDllPath: C:\Windows\system32 1c40.1db4: supR3HardenedVmProcessInit: Opening vboxdrv... 1c40.1db4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1c40.1db4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1c40.1db4: Registered Dll notification callback with NTDLL. 
1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 1c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 0000000077a20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a20000 'C:\Windows\system32\kernel32.dll' 1c40.1db4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b6b800 pvNtTerminateThread=0000000077b90ae0 1c40.1db4: \SystemRoot\System32\ntdll.dll: 8ec.1b00: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 164 ms. 
1c40.1db4: CreationTime: 2013-10-11T23:24:43.882378100Z 1c40.1db4: LastWriteTime: 2013-08-29T02:21:43.800548200Z 1c40.1db4: ChangeTime: 2013-10-12T03:48:06.735171200Z 1c40.1db4: FileAttributes: 0x20 1c40.1db4: Size: 0x1a83d8 1c40.1db4: NT Headers: 0xe0 1c40.1db4: Timestamp: 0x521eb03f 1c40.1db4: Machine: 0x8664 - amd64 1c40.1db4: Timestamp: 0x521eb03f 1c40.1db4: Image Version: 6.1 1c40.1db4: SizeOfImage: 0x1aa000 (1744896) 1c40.1db4: Resource Dir: 0x152000 LB 0x560d8 1c40.1db4: ProductName: Microsoft® Windows® Operating System 1c40.1db4: ProductVersion: 6.1.7601.22436 1c40.1db4: FileVersion: 6.1.7601.22436 (win7sp1_ldr.130828-1532) 1c40.1db4: FileDescription: NT Layer DLL 1c40.1db4: \SystemRoot\System32\kernel32.dll: 1c40.1db4: CreationTime: 2014-04-22T20:27:26.301334700Z 1c40.1db4: LastWriteTime: 2014-03-04T09:44:00.336000000Z 1c40.1db4: ChangeTime: 2014-04-22T23:49:45.884534200Z 1c40.1db4: FileAttributes: 0x20 1c40.1db4: Size: 0x11c000 1c40.1db4: NT Headers: 0xe8 1c40.1db4: Timestamp: 0x5315a059 1c40.1db4: Machine: 0x8664 - amd64 1c40.1db4: Timestamp: 0x5315a059 1c40.1db4: Image Version: 6.1 1c40.1db4: SizeOfImage: 0x11f000 (1175552) 1c40.1db4: Resource Dir: 0x116000 LB 0x528 1c40.1db4: ProductName: Microsoft® Windows® Operating System 1c40.1db4: ProductVersion: 6.1.7601.18409 1c40.1db4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 1c40.1db4: FileDescription: Windows NT BASE API Client DLL 1c40.1db4: \SystemRoot\System32\KernelBase.dll: 1c40.1db4: CreationTime: 2014-05-16T18:03:18.538638200Z 1c40.1db4: LastWriteTime: 2014-03-04T09:44:00.336000000Z 1c40.1db4: ChangeTime: 2014-05-16T22:13:41.537038200Z 1c40.1db4: FileAttributes: 0x20 1c40.1db4: Size: 0x67c00 1c40.1db4: NT Headers: 0xe8 1c40.1db4: Timestamp: 0x5315a05a 1c40.1db4: Machine: 0x8664 - amd64 1c40.1db4: Timestamp: 0x5315a05a 1c40.1db4: Image Version: 6.1 1c40.1db4: SizeOfImage: 0x6c000 (442368) 1c40.1db4: Resource Dir: 0x6a000 LB 0x530 1c40.1db4: ProductName: Microsoft® Windows® Operating System 
1c40.1db4: ProductVersion: 6.1.7601.18409 1c40.1db4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 1c40.1db4: FileDescription: Windows NT BASE API Client DLL 1c40.1db4: \SystemRoot\System32\apisetschema.dll: 1c40.1db4: CreationTime: 2014-05-16T18:03:24.387138200Z 1c40.1db4: LastWriteTime: 2014-04-12T02:28:22.719000000Z 1c40.1db4: ChangeTime: 2014-05-16T22:13:41.240638200Z 1c40.1db4: FileAttributes: 0x20 1c40.1db4: Size: 0x1a00 1c40.1db4: NT Headers: 0xc0 1c40.1db4: Timestamp: 0x5348a50b 1c40.1db4: Machine: 0x8664 - amd64 1c40.1db4: Timestamp: 0x5348a50b 1c40.1db4: Image Version: 6.1 1c40.1db4: SizeOfImage: 0x50000 (327680) 1c40.1db4: Resource Dir: 0x30000 LB 0x3f8 1c40.1db4: ProductName: Microsoft® Windows® Operating System 1c40.1db4: ProductVersion: 6.1.7601.22653 1c40.1db4: FileVersion: 6.1.7601.22653 (win7sp1_ldr.140411-1533) 1c40.1db4: FileDescription: ApiSet Schema DLL 1c40.1db4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1c40.1db4: supR3HardenedWinFindAdversaries: 0x400 1c40.1db4: \SystemRoot\System32\drivers\MpFilter.sys: 1c40.1db4: CreationTime: 2014-07-17T16:05:06.000000000Z 1c40.1db4: LastWriteTime: 2014-07-17T16:05:06.000000000Z 1c40.1db4: ChangeTime: 2014-10-22T13:04:59.820803700Z 1c40.1db4: FileAttributes: 0x20 1c40.1db4: Size: 0x41ad0 1c40.1db4: NT Headers: 0xf0 1c40.1db4: Timestamp: 0x53bdfdba 1c40.1db4: Machine: 0x8664 - amd64 1c40.1db4: Timestamp: 0x53bdfdba 1c40.1db4: Image Version: 6.3 1c40.1db4: SizeOfImage: 0x42000 (270336) 1c40.1db4: Resource Dir: 0x40000 LB 0xd50 1c40.1db4: ProductName: Microsoft Malware Protection 1c40.1db4: ProductVersion: 4.6.0300.0 1c40.1db4: FileVersion: 4.6.0300.0 1c40.1db4: FileDescription: Microsoft antimalware file system filter driver 1c40.1db4: \SystemRoot\System32\drivers\NisDrvWFP.sys: 1c40.1db4: CreationTime: 2010-10-24T19:25:38.000000000Z 1c40.1db4: LastWriteTime: 2014-07-17T16:05:06.000000000Z 1c40.1db4: ChangeTime: 2014-10-22T13:04:58.903636900Z 1c40.1db4: FileAttributes: 0x20 1c40.1db4: 
Size: 0x1ea90 1c40.1db4: NT Headers: 0xe0 1c40.1db4: Timestamp: 0x53bdfde3 1c40.1db4: Machine: 0x8664 - amd64 1c40.1db4: Timestamp: 0x53bdfde3 1c40.1db4: Image Version: 6.3 1c40.1db4: SizeOfImage: 0x1f000 (126976) 1c40.1db4: Resource Dir: 0x1c000 LB 0x1b90 1c40.1db4: ProductName: Microsoft Malware Protection 1c40.1db4: ProductVersion: 4.6.0300.0 1c40.1db4: FileVersion: 4.6.0300.0 1c40.1db4: FileDescription: Microsoft Network Realtime Inspection Driver 1c40.1db4: Calling main() 1c40.1db4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1c40.1db4: '\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VirtualBox.exe) 1c40.1db4: SUPR3HardenedMain: Final process, opening VBoxDrv... 1c40.1db4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000) 1c40.1db4: supR3HardNtEnableThreadCreation: 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804270:C:\Windows\system32 [calling] 1c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefb010000 LB 0x00004000 C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb010000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL' 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb010000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL' 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb010000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL' 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 
1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804270:C:\Windows\system32 [calling] 1c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefe600000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: 
cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdaf0000 LB 0x0016c000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdae0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007feffb30000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd90000 'C:\Windows\system32\Wintrust.dll' 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling] 1c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on 
\Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\CRYPTSP.dll' 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling] 1c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefcf30000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 1c40.1db4: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf30000 'C:\Windows\system32\rsaenh.dll' 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling] 1c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1c40.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 
1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007feff920000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.dll' 1c40.1db4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll) 1c40.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1c40.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.1db4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804850:C:\Program Files\Oracle VM VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\MySQL\MySQL Server 5.6\bin;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.5\ [calling] 1c40.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedDllNotificationCallback: load 000007fefd8f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] 1c40.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1c40.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8f0000 'C:\Windows\system32\CRYPTBASE.dll' 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'. 
1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 
1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1c40.f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 1c40.f14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll) 1c40.f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c40.f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c40.f14: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1c40.f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
1c40.f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
1c40.f14: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x0002c000 C:\Windows\system32\privman64.dll [fFlags=0x0]
1c40.f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
8ec.1b00: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 203 ms, the end);
b90.1a60: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1096 ms, the end);