78.183c: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000044 g_uNtVerCombined=0xa0280000 78.183c: \SystemRoot\System32\ntdll.dll: 78.183c: CreationTime: 2016-02-14T09:13:39.052060200Z 78.183c: LastWriteTime: 2016-01-31T06:24:08.504709500Z 78.183c: ChangeTime: 2016-02-15T18:56:30.861723300Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x1bd870 78.183c: NT Headers: 0xd8 78.183c: Timestamp: 0x56ad9704 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x56ad9704 78.183c: Image Version: 10.0 78.183c: SizeOfImage: 0x1c2000 (1843200) 78.183c: Resource Dir: 0x15b000 LB 0x65718 78.183c: ProductName: Microsoft® Windows® Operating System 78.183c: ProductVersion: 10.0.10240.16683 78.183c: FileVersion: 10.0.10240.16683 (th1.160130-1842) 78.183c: FileDescription: NT Layer DLL 78.183c: \SystemRoot\System32\kernel32.dll: 78.183c: CreationTime: 2015-07-10T10:59:59.699781600Z 78.183c: LastWriteTime: 2015-07-10T10:59:59.699781600Z 78.183c: ChangeTime: 2015-10-26T21:21:03.376459200Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0xab830 78.183c: NT Headers: 0xf0 78.183c: Timestamp: 0x559f38ad 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x559f38ad 78.183c: Image Version: 10.0 78.183c: SizeOfImage: 0xad000 (708608) 78.183c: Resource Dir: 0xab000 LB 0x518 78.183c: ProductName: Microsoft® Windows® Operating System 78.183c: ProductVersion: 10.0.10240.16384 78.183c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 78.183c: FileDescription: Windows NT BASE API Client DLL 78.183c: \SystemRoot\System32\KernelBase.dll: 78.183c: CreationTime: 2016-02-14T09:13:43.046683400Z 78.183c: LastWriteTime: 2016-01-31T06:25:52.401093100Z 78.183c: ChangeTime: 2016-02-15T18:56:30.486719700Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x1dc880 78.183c: NT Headers: 0xf0 78.183c: Timestamp: 0x56ad97a2 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x56ad97a2 78.183c: Image Version: 10.0 78.183c: SizeOfImage: 0x1dd000 (1953792) 78.183c: Resource Dir: 0x1c7000 LB 0x530 78.183c: 
ProductName: Microsoft® Windows® Operating System 78.183c: ProductVersion: 10.0.10240.16683 78.183c: FileVersion: 10.0.10240.16683 (th1.160130-1842) 78.183c: FileDescription: Windows NT BASE API Client DLL 78.183c: \SystemRoot\System32\apisetschema.dll: 78.183c: CreationTime: 2015-07-10T11:00:04.872098600Z 78.183c: LastWriteTime: 2015-07-10T11:00:04.872098600Z 78.183c: ChangeTime: 2015-09-04T22:44:05.965798400Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x16760 78.183c: NT Headers: 0xc8 78.183c: Timestamp: 0x559f3e3d 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x559f3e3d 78.183c: Image Version: 10.0 78.183c: SizeOfImage: 0x17000 (94208) 78.183c: Resource Dir: 0x16000 LB 0x3f0 78.183c: ProductName: Microsoft® Windows® Operating System 78.183c: ProductVersion: 10.0.10240.16384 78.183c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 78.183c: FileDescription: ApiSet Schema DLL 78.183c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 78.183c: supR3HardenedWinFindAdversaries: 0x4 78.183c: \SystemRoot\System32\drivers\aswHwid.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.708479200Z 78.183c: LastWriteTime: 2015-09-04T22:31:43.125021300Z 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x6ff0 78.183c: NT Headers: 0xe8 78.183c: Timestamp: 0x55b66532 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x55b66532 78.183c: Image Version: 6.0 78.183c: SizeOfImage: 0xa000 (40960) 78.183c: Resource Dir: 0x8000 LB 0x398 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1172 78.183c: FileVersion: 10.3.2225.1172 78.183c: FileDescription: avast! 
HWID 78.183c: \SystemRoot\System32\drivers\aswMonFlt.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.708479200Z 78.183c: LastWriteTime: 2015-09-04T22:31:43.137032600Z 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x16358 78.183c: NT Headers: 0xe8 78.183c: Timestamp: 0x55b66516 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x55b66516 78.183c: Image Version: 6.0 78.183c: SizeOfImage: 0x24000 (147456) 78.183c: Resource Dir: 0x22000 LB 0x3c0 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1172 78.183c: FileVersion: 10.3.2225.1172 78.183c: FileDescription: avast! File System Minifilter for Windows 2003/Vista 78.183c: \SystemRoot\System32\drivers\aswRdr2.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.704481000Z 78.183c: LastWriteTime: 2015-09-04T22:31:42.980946400Z 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x16d58 78.183c: NT Headers: 0xf0 78.183c: Timestamp: 0x55b66550 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x55b66550 78.183c: Image Version: 6.1 78.183c: SizeOfImage: 0x1a000 (106496) 78.183c: Resource Dir: 0x18000 LB 0x3a8 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1172 78.183c: FileVersion: 10.3.2225.1172 built by: WinDDK 78.183c: FileDescription: avast! 
WFP Redirect Driver 78.183c: \SystemRoot\System32\drivers\aswRvrt.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.712479200Z 78.183c: LastWriteTime: 2015-09-04T22:31:43.145023400Z 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0xfec8 78.183c: NT Headers: 0xf8 78.183c: Timestamp: 0x55b66505 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x55b66505 78.183c: Image Version: 6.0 78.183c: SizeOfImage: 0x13000 (77824) 78.183c: Resource Dir: 0x11000 LB 0x398 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1172 78.183c: FileVersion: 10.3.2225.1172 78.183c: FileDescription: avast! Revert 78.183c: \SystemRoot\System32\drivers\aswSnx.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.696478100Z 78.183c: LastWriteTime: 2015-11-12T10:31:56.443927500Z 78.183c: ChangeTime: 2015-11-12T10:31:56.443927500Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x102b48 78.183c: NT Headers: 0xe8 78.183c: Timestamp: 0x5631cc02 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x5631cc02 78.183c: Image Version: 6.0 78.183c: SizeOfImage: 0x106000 (1073152) 78.183c: Resource Dir: 0xfe000 LB 0x388 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1189 78.183c: FileVersion: 10.3.2225.1189 78.183c: FileDescription: avast! Virtualization Driver 78.183c: \SystemRoot\System32\drivers\aswsp.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z 78.183c: LastWriteTime: 2015-11-12T10:31:56.527020600Z 78.183c: ChangeTime: 2015-11-12T10:31:56.527020600Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x6ddc8 78.183c: NT Headers: 0x100 78.183c: Timestamp: 0x5631d051 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x5631d051 78.183c: Image Version: 6.0 78.183c: SizeOfImage: 0x75000 (479232) 78.183c: Resource Dir: 0x73000 LB 0x380 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1189 78.183c: FileVersion: 10.3.2225.1189 78.183c: FileDescription: avast! 
self protection module 78.183c: \SystemRoot\System32\drivers\aswStm.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z 78.183c: LastWriteTime: 2015-09-04T22:31:43.213027900Z 78.183c: ChangeTime: 2015-09-04T22:31:44.375306800Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x24c90 78.183c: NT Headers: 0x100 78.183c: Timestamp: 0x55b66c74 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x55b66c74 78.183c: Image Version: 6.2 78.183c: SizeOfImage: 0x27000 (159744) 78.183c: Resource Dir: 0x25000 LB 0x360 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1172 78.183c: FileVersion: 10.3.2225.1172 78.183c: FileDescription: Stream Filter 78.183c: \SystemRoot\System32\drivers\aswVmm.sys: 78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z 78.183c: LastWriteTime: 2015-09-04T22:31:43.181025600Z 78.183c: ChangeTime: 2015-09-04T22:31:44.375306800Z 78.183c: FileAttributes: 0x20 78.183c: Size: 0x43178 78.183c: NT Headers: 0xf8 78.183c: Timestamp: 0x55b66b89 78.183c: Machine: 0x8664 - amd64 78.183c: Timestamp: 0x55b66b89 78.183c: Image Version: 6.0 78.183c: SizeOfImage: 0x45000 (282624) 78.183c: Resource Dir: 0x42000 LB 0x3a0 78.183c: ProductName: Avast Antivirus 78.183c: ProductVersion: 10.3.2225.1172 78.183c: FileVersion: 10.3.2225.1172 78.183c: FileDescription: avast! 
VM Monitor 78.183c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 78.183c: Calling main() 78.183c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 78.183c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 78.183c: SUPR3HardenedMain: Respawn #1 78.183c: System32: \Device\HarddiskVolume4\Windows\System32 78.183c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 78.183c: KnownDllPath: C:\WINDOWS\system32 78.183c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 78.183c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 78.183c: supR3HardNtEnableThreadCreation: 78.183c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50 78.183c: supR3HardenedWinDoReSpawn(1): New child 1e20.c78 [kernel32]. 78.183c: supR3HardNtChildGatherData: PebBaseAddress=00007ff658297000 cbPeb=0x388 78.183c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcdcc80000 uNtDllChildAddr=00007ffcdcc80000 78.183c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcdccebe60 78.183c: supR3HardenedWinSetupChildInit: Start child. 78.183c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
78.183c: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 60 sleeps 78.183c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 78.183c: *0000000000000000-ffffffffff9fffff 0x0001/0x0000 0x0000000 78.183c: *0000000000600000-00000000005dffff 0x0004/0x0004 0x0020000 78.183c: *0000000000620000-000000000060bfff 0x0002/0x0002 0x0040000 78.183c: 0000000000634000-0000000000627fff 0x0001/0x0000 0x0000000 78.183c: *0000000000640000-0000000000543fff 0x0000/0x0004 0x0020000 78.183c: 000000000073c000-0000000000738fff 0x0104/0x0004 0x0020000 78.183c: 000000000073f000-000000000073dfff 0x0004/0x0004 0x0020000 78.183c: *0000000000740000-000000000073bfff 0x0002/0x0002 0x0040000 78.183c: 0000000000744000-0000000000737fff 0x0001/0x0000 0x0000000 78.183c: *0000000000750000-000000000074dfff 0x0004/0x0004 0x0020000 78.183c: 0000000000752000-ffffffff80ec3fff 0x0001/0x0000 0x0000000 78.183c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 78.183c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 78.183c: 000000007fff0000-ffff800aa7d6ffff 0x0001/0x0000 0x0000000 78.183c: *00007ff658270000-00007ff65824cfff 0x0002/0x0002 0x0040000 78.183c: 00007ff658293000-00007ff65828efff 0x0001/0x0000 0x0000000 78.183c: *00007ff658297000-00007ff658295fff 0x0004/0x0004 0x0020000 78.183c: 00007ff658298000-00007ff658291fff 0x0001/0x0000 0x0000000 78.183c: *00007ff65829e000-00007ff65829bfff 0x0004/0x0004 0x0020000 78.183c: 00007ff6582a0000-00007ff657e2ffff 0x0001/0x0000 0x0000000 78.183c: *00007ff658710000-00007ff658710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658711000-00007ff658796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658797000-00007ff658797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658798000-00007ff6587e1fff 0x0002/0x0080 0x1000000 
\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587e2000-00007ff6587e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587e3000-00007ff6587e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587e4000-00007ff6587e5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587e6000-00007ff6587e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587e7000-00007ff6587e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587e8000-00007ff6587ebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587ec000-00007ff658835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658836000-00007ff05420bfff 0x0001/0x0000 0x0000000 78.183c: *00007ffc5ce60000-00007ffc5ce5cfff 0x0040/0x0040 0x0020000 !! 
78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffc5ce60000 (LB 0x3000, 00007ffc5ce60000 LB 0x3000) 78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffc5ce60000/00007ffc5ce60000 LB 0/0x3000] 78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffc5ce60000 LB 0x7fe20000 s=0x10000 ap=0x0 rp=0x00000000000001 78.183c: 00007ffc5ce63000-00007ffbdd045fff 0x0001/0x0000 0x0000000 78.183c: *00007ffcdcc80000-00007ffcdcc80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcc81000-00007ffcdcd7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcd7e000-00007ffcdcdbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdc0000-00007ffcdcdc8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdc9000-00007ffcdcdd6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdd7000-00007ffcdcdd7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdd8000-00007ffcdcddafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcddb000-00007ffcdce41fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdce42000-00007ff9b9ca3fff 0x0001/0x0000 0x0000000 78.183c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 78.183c: VirtualBox.exe: timestamp 0x55ccc4d5 (rc=VINF_SUCCESS) 78.183c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 78.183c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 78.183c: ntdll.dll: Differences in section #1 (.text) between file and memory: 78.183c: Restored 0x2000 bytes of original file content at 00007ffcdcd11e6e 78.183c: ntdll.dll: Differences in section #1 (.text) between file and memory: 78.183c: Restored 0x2000 bytes of original file content at 00007ffcdcd13e6e 
78.183c: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x4 78.183c: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 60 sleeps 78.183c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 78.183c: *0000000000000000-ffffffffff9fffff 0x0001/0x0000 0x0000000 78.183c: *0000000000600000-00000000005dffff 0x0004/0x0004 0x0020000 78.183c: *0000000000620000-000000000060bfff 0x0002/0x0002 0x0040000 78.183c: 0000000000634000-0000000000627fff 0x0001/0x0000 0x0000000 78.183c: *0000000000640000-0000000000543fff 0x0000/0x0004 0x0020000 78.183c: 000000000073c000-0000000000738fff 0x0104/0x0004 0x0020000 78.183c: 000000000073f000-000000000073dfff 0x0004/0x0004 0x0020000 78.183c: *0000000000740000-000000000073bfff 0x0002/0x0002 0x0040000 78.183c: 0000000000744000-0000000000737fff 0x0001/0x0000 0x0000000 78.183c: *0000000000750000-000000000074dfff 0x0004/0x0004 0x0020000 78.183c: 0000000000752000-ffffffff80ec3fff 0x0001/0x0000 0x0000000 78.183c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 78.183c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 78.183c: 000000007fff0000-ffff800aa7d6ffff 0x0001/0x0000 0x0000000 78.183c: 
*00007ff658270000-00007ff65824cfff 0x0002/0x0002 0x0040000 78.183c: 00007ff658293000-00007ff65828efff 0x0001/0x0000 0x0000000 78.183c: *00007ff658297000-00007ff658295fff 0x0004/0x0004 0x0020000 78.183c: 00007ff658298000-00007ff658291fff 0x0001/0x0000 0x0000000 78.183c: *00007ff65829e000-00007ff65829bfff 0x0004/0x0004 0x0020000 78.183c: 00007ff6582a0000-00007ff657e2ffff 0x0001/0x0000 0x0000000 78.183c: *00007ff658710000-00007ff658710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658711000-00007ff658796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658797000-00007ff658797fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658798000-00007ff6587e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587e2000-00007ff6587ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff6587ec000-00007ff658835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 78.183c: 00007ff658836000-00007fefd43ebfff 0x0001/0x0000 0x0000000 78.183c: *00007ffcdcc80000-00007ffcdcc80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcc81000-00007ffcdcd7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcd7e000-00007ffcdcdbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdc0000-00007ffcdcdc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdc4000-00007ffcdcdc8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdc9000-00007ffcdcdd6fff 0x0002/0x0080 0x1000000 
\Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdd7000-00007ffcdcdd7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcdd8000-00007ffcdcddafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdcddb000-00007ffcdce41fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 78.183c: 00007ffcdce42000-00007ff9b9ca3fff 0x0001/0x0000 0x0000000 78.183c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 78.183c: supR3HardNtChildPurify: Done after 1123 ms and 3 fixes (loop #1). 1e20.c78: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0280000 1e20.c78: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcdcc80000 1e20.c78: ntdll.dll: timestamp 0x56ad9704 (rc=VINF_SUCCESS) 78.183c: supR3HardNtEnableThreadCreation: 1e20.c78: New simple heap: #1 0000000000860000 LB 0x400000 (for 1843200 allocation) 1e20.c78: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1e20.c78: System32: \Device\HarddiskVolume4\Windows\System32 1e20.c78: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 1e20.c78: KnownDllPath: C:\WINDOWS\system32 1e20.c78: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1e20.c78: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1e20.c78: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1e20.c78: Registered Dll notification callback with NTDLL. 
1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1e20.c78: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 1e20.c78: supR3HardenedDllNotificationCallback: load 00007ffcda0c0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1e20.c78: supR3HardenedDllNotificationCallback: load 00007ffcdc870000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 1e20.c78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1e20.c78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdc870000 'C:\WINDOWS\system32\KERNEL32.DLL' 1e20.c78: supR3HardenedDllNotificationCallback: load 00007ff658710000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 1e20.c78: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1e20.c78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50 78.183c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 119 ms. 
1e20.c78: \SystemRoot\System32\ntdll.dll:
1e20.c78: CreationTime: 2016-02-14T09:13:39.052060200Z
1e20.c78: LastWriteTime: 2016-01-31T06:24:08.504709500Z
1e20.c78: ChangeTime: 2016-02-15T18:56:30.861723300Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x1bd870
1e20.c78: NT Headers: 0xd8
1e20.c78: Timestamp: 0x56ad9704
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x56ad9704
1e20.c78: Image Version: 10.0
1e20.c78: SizeOfImage: 0x1c2000 (1843200)
1e20.c78: Resource Dir: 0x15b000 LB 0x65718
1e20.c78: ProductName: Microsoft® Windows® Operating System
1e20.c78: ProductVersion: 10.0.10240.16683
1e20.c78: FileVersion: 10.0.10240.16683 (th1.160130-1842)
1e20.c78: FileDescription: NT Layer DLL
1e20.c78: \SystemRoot\System32\kernel32.dll:
1e20.c78: CreationTime: 2015-07-10T10:59:59.699781600Z
1e20.c78: LastWriteTime: 2015-07-10T10:59:59.699781600Z
1e20.c78: ChangeTime: 2015-10-26T21:21:03.376459200Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0xab830
1e20.c78: NT Headers: 0xf0
1e20.c78: Timestamp: 0x559f38ad
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x559f38ad
1e20.c78: Image Version: 10.0
1e20.c78: SizeOfImage: 0xad000 (708608)
1e20.c78: Resource Dir: 0xab000 LB 0x518
1e20.c78: ProductName: Microsoft® Windows® Operating System
1e20.c78: ProductVersion: 10.0.10240.16384
1e20.c78: FileVersion: 10.0.10240.16384 (th1.150709-1700)
1e20.c78: FileDescription: Windows NT BASE API Client DLL
1e20.c78: \SystemRoot\System32\KernelBase.dll:
1e20.c78: CreationTime: 2016-02-14T09:13:43.046683400Z
1e20.c78: LastWriteTime: 2016-01-31T06:25:52.401093100Z
1e20.c78: ChangeTime: 2016-02-15T18:56:30.486719700Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x1dc880
1e20.c78: NT Headers: 0xf0
1e20.c78: Timestamp: 0x56ad97a2
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x56ad97a2
1e20.c78: Image Version: 10.0
1e20.c78: SizeOfImage: 0x1dd000 (1953792)
1e20.c78: Resource Dir: 0x1c7000 LB 0x530
1e20.c78: ProductName: Microsoft® Windows® Operating System
1e20.c78: ProductVersion: 10.0.10240.16683
1e20.c78: FileVersion: 10.0.10240.16683 (th1.160130-1842)
1e20.c78: FileDescription: Windows NT BASE API Client DLL
1e20.c78: \SystemRoot\System32\apisetschema.dll:
1e20.c78: CreationTime: 2015-07-10T11:00:04.872098600Z
1e20.c78: LastWriteTime: 2015-07-10T11:00:04.872098600Z
1e20.c78: ChangeTime: 2015-09-04T22:44:05.965798400Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x16760
1e20.c78: NT Headers: 0xc8
1e20.c78: Timestamp: 0x559f3e3d
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x559f3e3d
1e20.c78: Image Version: 10.0
1e20.c78: SizeOfImage: 0x17000 (94208)
1e20.c78: Resource Dir: 0x16000 LB 0x3f0
1e20.c78: ProductName: Microsoft® Windows® Operating System
1e20.c78: ProductVersion: 10.0.10240.16384
1e20.c78: FileVersion: 10.0.10240.16384 (th1.150709-1700)
1e20.c78: FileDescription: ApiSet Schema DLL
1e20.c78: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1e20.c78: supR3HardenedWinFindAdversaries: 0x4
1e20.c78: \SystemRoot\System32\drivers\aswHwid.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.708479200Z
1e20.c78: LastWriteTime: 2015-09-04T22:31:43.125021300Z
1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x6ff0
1e20.c78: NT Headers: 0xe8
1e20.c78: Timestamp: 0x55b66532
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x55b66532
1e20.c78: Image Version: 6.0
1e20.c78: SizeOfImage: 0xa000 (40960)
1e20.c78: Resource Dir: 0x8000 LB 0x398
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1172
1e20.c78: FileVersion: 10.3.2225.1172
1e20.c78: FileDescription: avast! HWID
1e20.c78: \SystemRoot\System32\drivers\aswMonFlt.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.708479200Z
1e20.c78: LastWriteTime: 2015-09-04T22:31:43.137032600Z
1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x16358
1e20.c78: NT Headers: 0xe8
1e20.c78: Timestamp: 0x55b66516
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x55b66516
1e20.c78: Image Version: 6.0
1e20.c78: SizeOfImage: 0x24000 (147456)
1e20.c78: Resource Dir: 0x22000 LB 0x3c0
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1172
1e20.c78: FileVersion: 10.3.2225.1172
1e20.c78: FileDescription: avast! File System Minifilter for Windows 2003/Vista
1e20.c78: \SystemRoot\System32\drivers\aswRdr2.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.704481000Z
1e20.c78: LastWriteTime: 2015-09-04T22:31:42.980946400Z
1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x16d58
1e20.c78: NT Headers: 0xf0
1e20.c78: Timestamp: 0x55b66550
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x55b66550
1e20.c78: Image Version: 6.1
1e20.c78: SizeOfImage: 0x1a000 (106496)
1e20.c78: Resource Dir: 0x18000 LB 0x3a8
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1172
1e20.c78: FileVersion: 10.3.2225.1172 built by: WinDDK
1e20.c78: FileDescription: avast! WFP Redirect Driver
1e20.c78: \SystemRoot\System32\drivers\aswRvrt.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.712479200Z
1e20.c78: LastWriteTime: 2015-09-04T22:31:43.145023400Z
1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0xfec8
1e20.c78: NT Headers: 0xf8
1e20.c78: Timestamp: 0x55b66505
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x55b66505
1e20.c78: Image Version: 6.0
1e20.c78: SizeOfImage: 0x13000 (77824)
1e20.c78: Resource Dir: 0x11000 LB 0x398
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1172
1e20.c78: FileVersion: 10.3.2225.1172
1e20.c78: FileDescription: avast! Revert
1e20.c78: \SystemRoot\System32\drivers\aswSnx.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.696478100Z
1e20.c78: LastWriteTime: 2015-11-12T10:31:56.443927500Z
1e20.c78: ChangeTime: 2015-11-12T10:31:56.443927500Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x102b48
1e20.c78: NT Headers: 0xe8
1e20.c78: Timestamp: 0x5631cc02
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x5631cc02
1e20.c78: Image Version: 6.0
1e20.c78: SizeOfImage: 0x106000 (1073152)
1e20.c78: Resource Dir: 0xfe000 LB 0x388
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1189
1e20.c78: FileVersion: 10.3.2225.1189
1e20.c78: FileDescription: avast! Virtualization Driver
1e20.c78: \SystemRoot\System32\drivers\aswsp.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
1e20.c78: LastWriteTime: 2015-11-12T10:31:56.527020600Z
1e20.c78: ChangeTime: 2015-11-12T10:31:56.527020600Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x6ddc8
1e20.c78: NT Headers: 0x100
1e20.c78: Timestamp: 0x5631d051
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x5631d051
1e20.c78: Image Version: 6.0
1e20.c78: SizeOfImage: 0x75000 (479232)
1e20.c78: Resource Dir: 0x73000 LB 0x380
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1189
1e20.c78: FileVersion: 10.3.2225.1189
1e20.c78: FileDescription: avast! self protection module
1e20.c78: \SystemRoot\System32\drivers\aswStm.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
1e20.c78: LastWriteTime: 2015-09-04T22:31:43.213027900Z
1e20.c78: ChangeTime: 2015-09-04T22:31:44.375306800Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x24c90
1e20.c78: NT Headers: 0x100
1e20.c78: Timestamp: 0x55b66c74
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x55b66c74
1e20.c78: Image Version: 6.2
1e20.c78: SizeOfImage: 0x27000 (159744)
1e20.c78: Resource Dir: 0x25000 LB 0x360
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1172
1e20.c78: FileVersion: 10.3.2225.1172
1e20.c78: FileDescription: Stream Filter
1e20.c78: \SystemRoot\System32\drivers\aswVmm.sys:
1e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
1e20.c78: LastWriteTime: 2015-09-04T22:31:43.181025600Z
1e20.c78: ChangeTime: 2015-09-04T22:31:44.375306800Z
1e20.c78: FileAttributes: 0x20
1e20.c78: Size: 0x43178
1e20.c78: NT Headers: 0xf8
1e20.c78: Timestamp: 0x55b66b89
1e20.c78: Machine: 0x8664 - amd64
1e20.c78: Timestamp: 0x55b66b89
1e20.c78: Image Version: 6.0
1e20.c78: SizeOfImage: 0x45000 (282624)
1e20.c78: Resource Dir: 0x42000 LB 0x3a0
1e20.c78: ProductName: Avast Antivirus
1e20.c78: ProductVersion: 10.3.2225.1172
1e20.c78: FileVersion: 10.3.2225.1172
1e20.c78: FileDescription: avast! VM Monitor
1e20.c78: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1e20.c78: Calling main()
1e20.c78: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1e20.c78: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1e20.c78: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e20.c78: SUPR3HardenedMain: Respawn #2
1e20.c78: supR3HardNtEnableThreadCreation:
1e20.c78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50
1e20.c78: supR3HardenedWinDoReSpawn(2): New child 1e48.1e34 [kernel32].
1e20.c78: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
1e20.c78: supR3HardNtChildGatherData: PebBaseAddress=00007ff658637000 cbPeb=0x388
1e20.c78: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcdcc80000 uNtDllChildAddr=00007ffcdcc80000
1e20.c78: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcdccebe60
1e20.c78: supR3HardenedWinSetupChildInit: Start child.
1e20.c78: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1e20.c78: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 61 sleeps
1e20.c78: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1e20.c78: *0000000000000000-ffffffffff32ffff 0x0001/0x0000 0x0000000
1e20.c78: *0000000000cd0000-0000000000caffff 0x0004/0x0004 0x0020000
1e20.c78: *0000000000cf0000-0000000000cdbfff 0x0002/0x0002 0x0040000
1e20.c78: 0000000000d04000-0000000000cf7fff 0x0001/0x0000 0x0000000
1e20.c78: *0000000000d10000-0000000000c13fff 0x0000/0x0004 0x0020000
1e20.c78: 0000000000e0c000-0000000000e08fff 0x0104/0x0004 0x0020000
1e20.c78: 0000000000e0f000-0000000000e0dfff 0x0004/0x0004 0x0020000
1e20.c78: *0000000000e10000-0000000000e0bfff 0x0002/0x0002 0x0040000
1e20.c78: 0000000000e14000-0000000000e07fff 0x0001/0x0000 0x0000000
1e20.c78: *0000000000e20000-0000000000e1dfff 0x0004/0x0004 0x0020000
1e20.c78: 0000000000e22000-ffffffff81c63fff 0x0001/0x0000 0x0000000
1e20.c78: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1e20.c78: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1e20.c78: 000000007fff0000-ffff800aa79cffff 0x0001/0x0000 0x0000000
1e20.c78: *00007ff658610000-00007ff6585ecfff 0x0002/0x0002 0x0040000
1e20.c78: 00007ff658633000-00007ff65862efff 0x0001/0x0000 0x0000000
1e20.c78: *00007ff658637000-00007ff658635fff 0x0004/0x0004 0x0020000
1e20.c78: 00007ff658638000-00007ff658631fff 0x0001/0x0000 0x0000000
1e20.c78: *00007ff65863e000-00007ff65863bfff 0x0004/0x0004 0x0020000
1e20.c78: 00007ff658640000-00007ff65856ffff 0x0001/0x0000 0x0000000
1e20.c78: *00007ff658710000-00007ff658710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff658711000-00007ff658796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff658797000-00007ff658797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff658798000-00007ff6587e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff6587e2000-00007ff6587e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff6587e3000-00007ff6587e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff6587e4000-00007ff6587e5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff6587e6000-00007ff6587e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff6587e7000-00007ff6587e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff6587e8000-00007ff6587ebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff6587ec000-00007ff658835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e20.c78: 00007ff658836000-00007ff05420bfff 0x0001/0x0000 0x0000000
1e20.c78: *00007ffc5ce60000-00007ffc5ce5cfff 0x0040/0x0040 0x0020000 !!
1e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffc5ce60000 (LB 0x3000, 00007ffc5ce60000 LB 0x3000)
1e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffc5ce60000/00007ffc5ce60000 LB 0/0x3000]
1e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffc5ce60000 LB 0x7fe20000 s=0x10000 ap=0x0 rp=0x00000000000001