1e5c.1e60: Log file opened: 4.3.20r96997 g_hStartupLog=00000000000000b0 g_uNtVerCombined=0x611db110
1e5c.1e60: \SystemRoot\System32\ntdll.dll:
1e5c.1e60: CreationTime: 2013-09-16T15:34:34.533643000Z
1e5c.1e60: LastWriteTime: 2013-08-02T02:15:44.087554100Z
1e5c.1e60: ChangeTime: 2013-09-16T15:43:39.516643000Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x1a6dc0
1e5c.1e60: NT Headers: 0xe0
1e5c.1e60: Timestamp: 0x51fb164a
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x51fb164a
1e5c.1e60: Image Version: 6.1
1e5c.1e60: SizeOfImage: 0x1a9000 (1740800)
1e5c.1e60: Resource Dir: 0x151000 LB 0x560d8
1e5c.1e60: ProductName: Microsoft® Windows® Operating System
1e5c.1e60: ProductVersion: 6.1.7601.18229
1e5c.1e60: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
1e5c.1e60: FileDescription: NT Layer DLL
1e5c.1e60: \SystemRoot\System32\kernel32.dll:
1e5c.1e60: CreationTime: 2014-04-09T15:09:24.262654000Z
1e5c.1e60: LastWriteTime: 2014-03-04T09:44:00.336000000Z
1e5c.1e60: ChangeTime: 2014-04-09T15:10:54.374172700Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x11c000
1e5c.1e60: NT Headers: 0xe8
1e5c.1e60: Timestamp: 0x5315a059
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x5315a059
1e5c.1e60: Image Version: 6.1
1e5c.1e60: SizeOfImage: 0x11f000 (1175552)
1e5c.1e60: Resource Dir: 0x116000 LB 0x528
1e5c.1e60: ProductName: Microsoft® Windows® Operating System
1e5c.1e60: ProductVersion: 6.1.7601.18409
1e5c.1e60: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
1e5c.1e60: FileDescription: Windows NT BASE API Client DLL
1e5c.1e60: \SystemRoot\System32\KernelBase.dll:
1e5c.1e60: CreationTime: 2014-05-17T11:02:43.375841900Z
1e5c.1e60: LastWriteTime: 2014-03-04T09:44:00.336000000Z
1e5c.1e60: ChangeTime: 2014-05-20T21:38:26.784404100Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x67c00
1e5c.1e60: NT Headers: 0xe8
1e5c.1e60: Timestamp: 0x5315a05a
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x5315a05a
1e5c.1e60: Image Version: 6.1
1e5c.1e60: SizeOfImage: 0x6c000 (442368)
1e5c.1e60: Resource Dir: 0x6a000 LB 0x530
1e5c.1e60: ProductName: Microsoft® Windows® Operating System
1e5c.1e60: ProductVersion: 6.1.7601.18409
1e5c.1e60: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
1e5c.1e60: FileDescription: Windows NT BASE API Client DLL
1e5c.1e60: \SystemRoot\System32\apisetschema.dll:
1e5c.1e60: CreationTime: 2013-09-16T15:34:38.761143000Z
1e5c.1e60: LastWriteTime: 2013-08-02T02:12:20.275000000Z
1e5c.1e60: ChangeTime: 2013-09-16T15:43:39.498643000Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x1a00
1e5c.1e60: NT Headers: 0xc0
1e5c.1e60: Timestamp: 0x51fb15ca
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x51fb15ca
1e5c.1e60: Image Version: 6.1
1e5c.1e60: SizeOfImage: 0x50000 (327680)
1e5c.1e60: Resource Dir: 0x30000 LB 0x3f8
1e5c.1e60: ProductName: Microsoft® Windows® Operating System
1e5c.1e60: ProductVersion: 6.1.7601.18229
1e5c.1e60: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
1e5c.1e60: FileDescription: ApiSet Schema DLL
1e5c.1e60: Found driver SymNetS (0x2)
1e5c.1e60: Found driver SymDS (0x2)
1e5c.1e60: Found driver SRTSPX (0x2)
1e5c.1e60: Found driver SymEvent (0x2)
1e5c.1e60: Found driver SymIRON (0x2)
1e5c.1e60: supR3HardenedWinFindAdversaries: 0x2
1e5c.1e60: \SystemRoot\System32\drivers\SysPlant.sys:
1e5c.1e60: CreationTime: 2013-09-26T17:13:26.318103900Z
1e5c.1e60: LastWriteTime: 2013-09-26T17:13:26.324354000Z
1e5c.1e60: ChangeTime: 2013-09-26T17:13:26.324354000Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x26ef0
1e5c.1e60: NT Headers: 0xf8
1e5c.1e60: Timestamp: 0x51a0ec2d
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x51a0ec2d
1e5c.1e60: Image Version: 5.0
1e5c.1e60: SizeOfImage: 0x2f000 (192512)
1e5c.1e60: Resource Dir: 0x2d000 LB 0x490
1e5c.1e60: ProductName: Symantec CMC Firewall
1e5c.1e60: ProductVersion: 12.1.3001.165
1e5c.1e60: FileVersion: 12.1.3001.165
1e5c.1e60: FileDescription: Symantec CMC Firewall SysPlant
1e5c.1e60: \SystemRoot\System32\sysfer.dll:
1e5c.1e60: CreationTime: 2013-09-26T17:13:26.283103400Z
1e5c.1e60: LastWriteTime: 2013-09-26T17:13:26.291853500Z
1e5c.1e60: ChangeTime: 2013-09-26T17:13:26.291853500Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x70190
1e5c.1e60: NT Headers: 0xe8
1e5c.1e60: Timestamp: 0x51a0ecb5
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x51a0ecb5
1e5c.1e60: Image Version: 0.0
1e5c.1e60: SizeOfImage: 0x87000 (552960)
1e5c.1e60: Resource Dir: 0x85000 LB 0x628
1e5c.1e60: ProductName: Symantec CMC Firewall
1e5c.1e60: ProductVersion: 12.1.3001.165
1e5c.1e60: FileVersion: 12.1.3001.165
1e5c.1e60: FileDescription: Symantec CMC Firewall sysfer
1e5c.1e60: \SystemRoot\System32\sysferThunk.dll:
1e5c.1e60: CreationTime: 2013-09-26T17:13:26.299353600Z
1e5c.1e60: LastWriteTime: 2013-09-26T17:13:26.306853700Z
1e5c.1e60: ChangeTime: 2013-09-26T17:13:26.306853700Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x2f90
1e5c.1e60: NT Headers: 0xd0
1e5c.1e60: Timestamp: 0x51a0ecb6
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x51a0ecb6
1e5c.1e60: Image Version: 0.0
1e5c.1e60: SizeOfImage: 0x8000 (32768)
1e5c.1e60: Resource Dir: 0x6000 LB 0x640
1e5c.1e60: ProductName: Symantec CMC Firewall
1e5c.1e60: ProductVersion: 12.1.3001.165
1e5c.1e60: FileVersion: 12.1.3001.165
1e5c.1e60: FileDescription: Symantec CMC Firewall SysferThunk
1e5c.1e60: \SystemRoot\System32\drivers\symevent64x86.sys:
1e5c.1e60: CreationTime: 2010-11-25T21:20:00.394390800Z
1e5c.1e60: LastWriteTime: 2013-09-26T16:57:13.697194900Z
1e5c.1e60: ChangeTime: 2013-09-26T16:57:13.697194900Z
1e5c.1e60: FileAttributes: 0x20
1e5c.1e60: Size: 0x2b4a0
1e5c.1e60: NT Headers: 0xe8
1e5c.1e60: Timestamp: 0x50346f1e
1e5c.1e60: Machine: 0x8664 - amd64
1e5c.1e60: Timestamp: 0x50346f1e
1e5c.1e60: Image Version: 6.0
1e5c.1e60: SizeOfImage: 0x38000 (229376)
1e5c.1e60: Resource Dir: 0x36000 LB 0x3c8
1e5c.1e60: ProductName: SYMEVENT
1e5c.1e60: ProductVersion: 12.9.3.1
1e5c.1e60: FileVersion: 12.9.3.1
1e5c.1e60: FileDescription: Symantec Event Library
1e5c.1e60: Calling main()
1e5c.1e60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1e5c.1e60: SUPR3HardenedMain: Respawn #1
1e5c.1e60: System32: \Device\HarddiskVolume2\Windows\System32
1e5c.1e60: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1e5c.1e60: KnownDllPath: C:\Windows\system32
1e5c.1e60: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e5c.1e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e5c.1e60: supR3HardNtEnableThreadCreation:
1e5c.1e60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007798c340 pvNtTerminateThread=00000000779b17e0
1e5c.1e60: supR3HardenedWinDoReSpawn(1): New child 1e64.1e68 [kernel32].
1e5c.1e60: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
1e5c.1e60: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077960000 uNtDllChildAddr=0000000077960000
1e5c.1e60: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007798c340
1e5c.1e60: supR3HardenedWinSetupChildInit: Start child.
1e5c.1e60: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 32 ms.
1e5c.1e60: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
1e5c.1e60: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1e5c.1e60: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1e5c.1e60: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1e5c.1e60: *0000000000030000-0000000000027fff 0x0040/0x0040 0x0020000 !!
1e5c.1e60: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000030000 (0000000000030000 LB 0x8000)
1e5c.1e60: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
1e5c.1e60: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
1e5c.1e60: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e5c.1e60: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1e5c.1e60: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1e5c.1e60: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0
1e5c.1e60: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
1e5c.1e60: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1e5c.1e60: supR3HardNtChildPurify: Done after 1081 ms and 1 fixes (loop #1).
1e64.1e68: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
1e64.1e68: supR3HardenedVmProcessInit: uNtDllAddr=0000000077960000
1e5c.1e60: supR3HardNtEnableThreadCreation:
1e64.1e68: ntdll.dll: timestamp 0x51fb164a (rc=VINF_SUCCESS)
1e64.1e68: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
1e64.1e68: System32: \Device\HarddiskVolume2\Windows\System32
1e64.1e68: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1e64.1e68: KnownDllPath: C:\Windows\system32
1e64.1e68: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1e64.1e68: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1e64.1e68: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1e64.1e68: Registered Dll notification callback with NTDLL.
1e64.1e68: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1e64.1e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1e64.1e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
1e64.1e68: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e64.1e68: supR3HardenedDllNotificationCallback: load 0000000077840000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1e64.1e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e64.1e68: supR3HardenedDllNotificationCallback: load 000007fefd9d0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1e64.1e68: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1e64.1e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1e64.1e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077840000 'C:\Windows\system32\kernel32.dll'
1e64.1e68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007798c340 pvNtTerminateThread=00000000779b17e0
1e5c.1e60: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 185 ms.
1e64.1e68: \SystemRoot\System32\ntdll.dll:
1e64.1e68: CreationTime: 2013-09-16T15:34:34.533643000Z
1e64.1e68: LastWriteTime: 2013-08-02T02:15:44.087554100Z
1e64.1e68: ChangeTime: 2013-09-16T15:43:39.516643000Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x1a6dc0
1e64.1e68: NT Headers: 0xe0
1e64.1e68: Timestamp: 0x51fb164a
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x51fb164a
1e64.1e68: Image Version: 6.1
1e64.1e68: SizeOfImage: 0x1a9000 (1740800)
1e64.1e68: Resource Dir: 0x151000 LB 0x560d8
1e64.1e68: ProductName: Microsoft® Windows® Operating System
1e64.1e68: ProductVersion: 6.1.7601.18229
1e64.1e68: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
1e64.1e68: FileDescription: NT Layer DLL
1e64.1e68: \SystemRoot\System32\kernel32.dll:
1e64.1e68: CreationTime: 2014-04-09T15:09:24.262654000Z
1e64.1e68: LastWriteTime: 2014-03-04T09:44:00.336000000Z
1e64.1e68: ChangeTime: 2014-04-09T15:10:54.374172700Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x11c000
1e64.1e68: NT Headers: 0xe8
1e64.1e68: Timestamp: 0x5315a059
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x5315a059
1e64.1e68: Image Version: 6.1
1e64.1e68: SizeOfImage: 0x11f000 (1175552)
1e64.1e68: Resource Dir: 0x116000 LB 0x528
1e64.1e68: ProductName: Microsoft® Windows® Operating System
1e64.1e68: ProductVersion: 6.1.7601.18409
1e64.1e68: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
1e64.1e68: FileDescription: Windows NT BASE API Client DLL
1e64.1e68: \SystemRoot\System32\KernelBase.dll:
1e64.1e68: CreationTime: 2014-05-17T11:02:43.375841900Z
1e64.1e68: LastWriteTime: 2014-03-04T09:44:00.336000000Z
1e64.1e68: ChangeTime: 2014-05-20T21:38:26.784404100Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x67c00
1e64.1e68: NT Headers: 0xe8
1e64.1e68: Timestamp: 0x5315a05a
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x5315a05a
1e64.1e68: Image Version: 6.1
1e64.1e68: SizeOfImage: 0x6c000 (442368)
1e64.1e68: Resource Dir: 0x6a000 LB 0x530
1e64.1e68: ProductName: Microsoft® Windows® Operating System
1e64.1e68: ProductVersion: 6.1.7601.18409
1e64.1e68: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
1e64.1e68: FileDescription: Windows NT BASE API Client DLL
1e64.1e68: \SystemRoot\System32\apisetschema.dll:
1e64.1e68: CreationTime: 2013-09-16T15:34:38.761143000Z
1e64.1e68: LastWriteTime: 2013-08-02T02:12:20.275000000Z
1e64.1e68: ChangeTime: 2013-09-16T15:43:39.498643000Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x1a00
1e64.1e68: NT Headers: 0xc0
1e64.1e68: Timestamp: 0x51fb15ca
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x51fb15ca
1e64.1e68: Image Version: 6.1
1e64.1e68: SizeOfImage: 0x50000 (327680)
1e64.1e68: Resource Dir: 0x30000 LB 0x3f8
1e64.1e68: ProductName: Microsoft® Windows® Operating System
1e64.1e68: ProductVersion: 6.1.7601.18229
1e64.1e68: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
1e64.1e68: FileDescription: ApiSet Schema DLL
1e64.1e68: Found driver SymNetS (0x2)
1e64.1e68: Found driver SymDS (0x2)
1e64.1e68: Found driver SRTSPX (0x2)
1e64.1e68: Found driver SymEvent (0x2)
1e64.1e68: Found driver SymIRON (0x2)
1e64.1e68: supR3HardenedWinFindAdversaries: 0x2
1e64.1e68: \SystemRoot\System32\drivers\SysPlant.sys:
1e64.1e68: CreationTime: 2013-09-26T17:13:26.318103900Z
1e64.1e68: LastWriteTime: 2013-09-26T17:13:26.324354000Z
1e64.1e68: ChangeTime: 2013-09-26T17:13:26.324354000Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x26ef0
1e64.1e68: NT Headers: 0xf8
1e64.1e68: Timestamp: 0x51a0ec2d
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x51a0ec2d
1e64.1e68: Image Version: 5.0
1e64.1e68: SizeOfImage: 0x2f000 (192512)
1e64.1e68: Resource Dir: 0x2d000 LB 0x490
1e64.1e68: ProductName: Symantec CMC Firewall
1e64.1e68: ProductVersion: 12.1.3001.165
1e64.1e68: FileVersion: 12.1.3001.165
1e64.1e68: FileDescription: Symantec CMC Firewall SysPlant
1e64.1e68: \SystemRoot\System32\sysfer.dll:
1e64.1e68: CreationTime: 2013-09-26T17:13:26.283103400Z
1e64.1e68: LastWriteTime: 2013-09-26T17:13:26.291853500Z
1e64.1e68: ChangeTime: 2013-09-26T17:13:26.291853500Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x70190
1e64.1e68: NT Headers: 0xe8
1e64.1e68: Timestamp: 0x51a0ecb5
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x51a0ecb5
1e64.1e68: Image Version: 0.0
1e64.1e68: SizeOfImage: 0x87000 (552960)
1e64.1e68: Resource Dir: 0x85000 LB 0x628
1e64.1e68: ProductName: Symantec CMC Firewall
1e64.1e68: ProductVersion: 12.1.3001.165
1e64.1e68: FileVersion: 12.1.3001.165
1e64.1e68: FileDescription: Symantec CMC Firewall sysfer
1e64.1e68: \SystemRoot\System32\sysferThunk.dll:
1e64.1e68: CreationTime: 2013-09-26T17:13:26.299353600Z
1e64.1e68: LastWriteTime: 2013-09-26T17:13:26.306853700Z
1e64.1e68: ChangeTime: 2013-09-26T17:13:26.306853700Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x2f90
1e64.1e68: NT Headers: 0xd0
1e64.1e68: Timestamp: 0x51a0ecb6
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x51a0ecb6
1e64.1e68: Image Version: 0.0
1e64.1e68: SizeOfImage: 0x8000 (32768)
1e64.1e68: Resource Dir: 0x6000 LB 0x640
1e64.1e68: ProductName: Symantec CMC Firewall
1e64.1e68: ProductVersion: 12.1.3001.165
1e64.1e68: FileVersion: 12.1.3001.165
1e64.1e68: FileDescription: Symantec CMC Firewall SysferThunk
1e64.1e68: \SystemRoot\System32\drivers\symevent64x86.sys:
1e64.1e68: CreationTime: 2010-11-25T21:20:00.394390800Z
1e64.1e68: LastWriteTime: 2013-09-26T16:57:13.697194900Z
1e64.1e68: ChangeTime: 2013-09-26T16:57:13.697194900Z
1e64.1e68: FileAttributes: 0x20
1e64.1e68: Size: 0x2b4a0
1e64.1e68: NT Headers: 0xe8
1e64.1e68: Timestamp: 0x50346f1e
1e64.1e68: Machine: 0x8664 - amd64
1e64.1e68: Timestamp: 0x50346f1e
1e64.1e68: Image Version: 6.0
1e64.1e68: SizeOfImage: 0x38000 (229376)
1e64.1e68: Resource Dir: 0x36000 LB 0x3c8
1e64.1e68: ProductName: SYMEVENT
1e64.1e68: ProductVersion: 12.9.3.1
1e64.1e68: FileVersion: 12.9.3.1
1e64.1e68: FileDescription: Symantec Event Library
1e64.1e68: Calling main()
1e64.1e68: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1e64.1e68: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e64.1e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e64.1e68: SUPR3HardenedMain: Respawn #2
1e64.1e68: supR3HardNtEnableThreadCreation:
1e64.1e68: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
1e64.1e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1e64.1e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
1e64.1e68: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
1e64.1e68: supR3HardenedDllNotificationCallback: load 000007fefd5e0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
1e64.1e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
1e64.1e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\apphelp.dll'