1258.1600: Log file opened: 5.0.1r102010 g_hStartupLog=00000058 g_uNtVerCombined=0xa0280000 1258.1600: \SystemRoot\System32\ntdll.dll: 1258.1600: CreationTime: 2015-08-11T17:43:28.598759600Z 1258.1600: LastWriteTime: 2015-08-08T06:59:45.320134700Z 1258.1600: ChangeTime: 2015-08-14T18:58:38.110460300Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x176c38 1258.1600: NT Headers: 0xf0 1258.1600: Timestamp: 0x55c599e6 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55c599e6 1258.1600: Image Version: 10.0 1258.1600: SizeOfImage: 0x179000 (1544192) 1258.1600: Resource Dir: 0x10e000 LB 0x65718 1258.1600: ProductName: Microsoft® Windows® Operating System 1258.1600: ProductVersion: 10.0.10240.16430 1258.1600: FileVersion: 10.0.10240.16430 (th1.150807-2049) 1258.1600: FileDescription: NT Layer DLL 1258.1600: \SystemRoot\System32\kernel32.dll: 1258.1600: CreationTime: 2015-07-10T08:24:38.139724700Z 1258.1600: LastWriteTime: 2015-07-10T08:24:38.139724700Z 1258.1600: ChangeTime: 2015-08-09T00:22:19.540168900Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x986b8 1258.1600: NT Headers: 0xf8 1258.1600: Timestamp: 0x559f3b86 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x559f3b86 1258.1600: Image Version: 10.0 1258.1600: SizeOfImage: 0x95000 (610304) 1258.1600: Resource Dir: 0x8f000 LB 0x518 1258.1600: ProductName: Microsoft® Windows® Operating System 1258.1600: ProductVersion: 10.0.10240.16384 1258.1600: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1258.1600: FileDescription: Windows NT BASE API Client DLL 1258.1600: \SystemRoot\System32\KernelBase.dll: 1258.1600: CreationTime: 2015-07-10T08:24:56.031660300Z 1258.1600: LastWriteTime: 2015-07-10T08:24:56.047288800Z 1258.1600: ChangeTime: 2015-08-09T00:22:19.555793500Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x175610 1258.1600: NT Headers: 0xf0 1258.1600: Timestamp: 0x559f3b4c 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x559f3b4c 1258.1600: Image Version: 10.0 1258.1600: SizeOfImage: 
0x177000 (1536000) 1258.1600: Resource Dir: 0x15b000 LB 0x530 1258.1600: ProductName: Microsoft® Windows® Operating System 1258.1600: ProductVersion: 10.0.10240.16384 1258.1600: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1258.1600: FileDescription: Windows NT BASE API Client DLL 1258.1600: \SystemRoot\System32\apisetschema.dll: 1258.1600: CreationTime: 2015-07-10T08:24:49.281165400Z 1258.1600: LastWriteTime: 2015-07-10T08:24:49.281165400Z 1258.1600: ChangeTime: 2015-08-09T00:22:17.555789100Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x16560 1258.1600: NT Headers: 0xc8 1258.1600: Timestamp: 0x559f4063 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x559f4063 1258.1600: Image Version: 10.0 1258.1600: SizeOfImage: 0x17000 (94208) 1258.1600: Resource Dir: 0x16000 LB 0x3f0 1258.1600: ProductName: Microsoft® Windows® Operating System 1258.1600: ProductVersion: 10.0.10240.16384 1258.1600: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1258.1600: FileDescription: ApiSet Schema DLL 1258.1600: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1258.1600: supR3HardenedWinFindAdversaries: 0x4 1258.1600: \SystemRoot\System32\drivers\aswHwid.sys: 1258.1600: CreationTime: 2014-08-01T17:41:53.540271500Z 1258.1600: LastWriteTime: 2015-08-07T17:22:40.359690200Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.652887500Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x5dd0 1258.1600: NT Headers: 0x260 1258.1600: Timestamp: 0x55b6652c 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b6652c 1258.1600: Image Version: 6.0 1258.1600: SizeOfImage: 0x3880 (14464) 1258.1600: Resource Dir: 0x3200 LB 0x398 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 1258.1600: FileVersion: 10.3.2225.1172 1258.1600: FileDescription: avast! 
HWID 1258.1600: \SystemRoot\System32\drivers\aswMonFlt.sys: 1258.1600: CreationTime: 2013-11-02T07:48:09.634025400Z 1258.1600: LastWriteTime: 2015-08-07T17:22:40.447694600Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.652887500Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x128e0 1258.1600: NT Headers: 0xe8 1258.1600: Timestamp: 0x55b6650d 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b6650d 1258.1600: Image Version: 6.0 1258.1600: SizeOfImage: 0x1e000 (122880) 1258.1600: Resource Dir: 0x1c000 LB 0x3c0 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 1258.1600: FileVersion: 10.3.2225.1172 1258.1600: FileDescription: avast! File System Minifilter for Windows 2003/Vista 1258.1600: \SystemRoot\System32\drivers\aswRdr2.sys: 1258.1600: CreationTime: 2013-11-02T07:48:09.630025300Z 1258.1600: LastWriteTime: 2015-08-07T17:22:39.832660100Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.652887500Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x13f40 1258.1600: NT Headers: 0xe0 1258.1600: Timestamp: 0x55b6652b 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b6652b 1258.1600: Image Version: 6.1 1258.1600: SizeOfImage: 0x19000 (102400) 1258.1600: Resource Dir: 0x16000 LB 0x3a8 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 1258.1600: FileVersion: 10.3.2225.1172 built by: WinDDK 1258.1600: FileDescription: avast! 
WFP Redirect Driver 1258.1600: \SystemRoot\System32\drivers\aswRvrt.sys: 1258.1600: CreationTime: 2013-11-02T07:48:09.639025500Z 1258.1600: LastWriteTime: 2015-08-07T17:22:40.567702000Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.652887500Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0xc270 1258.1600: NT Headers: 0x258 1258.1600: Timestamp: 0x55b664fe 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b664fe 1258.1600: Image Version: 6.0 1258.1600: SizeOfImage: 0x9c80 (40064) 1258.1600: Resource Dir: 0x9200 LB 0x398 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 1258.1600: FileVersion: 10.3.2225.1172 1258.1600: FileDescription: avast! Revert 1258.1600: \SystemRoot\System32\drivers\aswSnx.sys: 1258.1600: CreationTime: 2013-11-02T07:48:09.636025400Z 1258.1600: LastWriteTime: 2015-08-07T17:20:57.421935200Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.668512900Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0xc0930 1258.1600: NT Headers: 0xe0 1258.1600: Timestamp: 0x55b6656c 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b6656c 1258.1600: Image Version: 6.0 1258.1600: SizeOfImage: 0xc4000 (802816) 1258.1600: Resource Dir: 0xb5000 LB 0x388 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 1258.1600: FileVersion: 10.3.2225.1172 1258.1600: FileDescription: avast! 
Virtualization Driver 1258.1600: \SystemRoot\System32\drivers\aswsp.sys: 1258.1600: CreationTime: 2013-11-02T07:48:09.641025500Z 1258.1600: LastWriteTime: 2015-08-07T17:22:41.068729800Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.668512900Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x69c70 1258.1600: NT Headers: 0x270 1258.1600: Timestamp: 0x55b66b88 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b66b88 1258.1600: Image Version: 6.0 1258.1600: SizeOfImage: 0x66d80 (421248) 1258.1600: Resource Dir: 0x61e80 LB 0x380 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 1258.1600: FileVersion: 10.3.2225.1172 1258.1600: FileDescription: avast! self protection module 1258.1600: \SystemRoot\System32\drivers\aswStm.sys: 1258.1600: CreationTime: 2014-02-26T20:59:08.113358600Z 1258.1600: LastWriteTime: 2015-08-07T17:22:42.254795700Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.668512900Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x1bbb8 1258.1600: NT Headers: 0x108 1258.1600: Timestamp: 0x55b66ba8 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b66ba8 1258.1600: Image Version: 6.2 1258.1600: SizeOfImage: 0x1d000 (118784) 1258.1600: Resource Dir: 0x1a000 LB 0x360 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 1258.1600: FileVersion: 10.3.2225.1172 1258.1600: FileDescription: Stream Filter 1258.1600: \SystemRoot\System32\drivers\aswVmm.sys: 1258.1600: CreationTime: 2013-11-02T07:48:09.643026000Z 1258.1600: LastWriteTime: 2015-08-07T17:22:41.259740400Z 1258.1600: ChangeTime: 2015-08-08T23:09:55.668512900Z 1258.1600: FileAttributes: 0x20 1258.1600: Size: 0x32f18 1258.1600: NT Headers: 0x260 1258.1600: Timestamp: 0x55b66b81 1258.1600: Machine: 0x14c - i386 1258.1600: Timestamp: 0x55b66b81 1258.1600: Image Version: 6.0 1258.1600: SizeOfImage: 0x30580 (198016) 1258.1600: Resource Dir: 0x2dc80 LB 0x3a0 1258.1600: ProductName: Avast Antivirus 1258.1600: ProductVersion: 10.3.2225.1172 
1258.1600: FileVersion: 10.3.2225.1172 1258.1600: FileDescription: avast! VM Monitor 1258.1600: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 1258.1600: Calling main() 1258.1600: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1258.1600: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 1258.1600: SUPR3HardenedMain: Respawn #1 1258.1600: System32: \Device\HarddiskVolume3\Windows\System32 1258.1600: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 1258.1600: KnownDllPath: C:\WINDOWS\system32 1258.1600: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1258.1600: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1258.1600: supR3HardNtEnableThreadCreation: 1258.1600: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77922e70 pvNtTerminateThread=77930f10 1258.1600: supR3HardenedWinDoReSpawn(1): New child 134c.7e0 [kernel32]. 1258.1600: supR3HardNtChildGatherData: PebBaseAddress=7f57a000 cbPeb=0x250 1258.1600: supR3HardNtPuChFindNtdll: uNtDllParentAddr=778b0000 uNtDllChildAddr=778b0000 1258.1600: supR3HardenedWinSetupChildInit: uLdrInitThunk=77922e70 1258.1600: supR3HardenedWinSetupChildInit: Start child. 1258.1600: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 
1258.1600: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 0 sleeps 1258.1600: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1258.1600: *00000000-fff8ffff 0x0001/0x0000 0x0000000 1258.1600: *00070000-00070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 00071000-000e6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 000e7000-000e7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 000e8000-00121fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 00122000-00122fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 00123000-00123fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 00124000-00124fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 00125000-00125fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 00126000-00127fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 00128000-0012afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 0012b000-0016efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1258.1600: 0016f000-ff9ddfff 0x0001/0x0000 0x0000000 1258.1600: *00900000-008dffff 0x0004/0x0004 0x0020000 1258.1600: *00920000-0090bfff 0x0002/0x0002 0x0040000 1258.1600: 00934000-00927fff 0x0001/0x0000 0x0000000 1258.1600: *00940000-00842fff 0x0000/0x0004 0x0020000 1258.1600: 00a3d000-00a3afff 0x0104/0x0004 0x0020000 1258.1600: 00a3f000-00a3dfff 0x0004/0x0004 0x0020000 1258.1600: *00a40000-00a3bfff 0x0002/0x0002 0x0040000 
1258.1600: 00a44000-00a37fff 0x0001/0x0000 0x0000000 1258.1600: *00a50000-00a4dfff 0x0004/0x0004 0x0020000 1258.1600: 00a52000-89bf3fff 0x0001/0x0000 0x0000000 1258.1600: *778b0000-778b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1258.1600: 778b1000-779b5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1258.1600: 779b6000-779bafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1258.1600: 779bb000-779bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1258.1600: 779bc000-779bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1258.1600: 779be000-77a28fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1258.1600: 77a29000-6ff01fff 0x0001/0x0000 0x0000000 1258.1600: *7f550000-7f52cfff 0x0002/0x0002 0x0040000 1258.1600: 7f573000-7f56bfff 0x0001/0x0000 0x0000000 1258.1600: *7f57a000-7f578fff 0x0004/0x0004 0x0020000 1258.1600: 7f57b000-7f576fff 0x0001/0x0000 0x0000000 1258.1600: *7f57f000-7f57dfff 0x0004/0x0004 0x0020000 1258.1600: 7f580000-7eb1ffff 0x0001/0x0000 0x0000000 1258.1600: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 1258.1600: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 1258.1600: VirtualBox.exe: timestamp 0x55c8192d (rc=VINF_SUCCESS) 1258.1600: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1258.1600: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 1258.1600: supR3HardNtChildPurify: Done after 574 ms and 0 fixes (loop #0). 
1258.1600: supR3HardNtEnableThreadCreation: 134c.7e0: Log file opened: 5.0.1r102010 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000 134c.7e0: supR3HardenedVmProcessInit: uNtDllAddr=778b0000 134c.7e0: ntdll.dll: timestamp 0x55c599e6 (rc=VINF_SUCCESS) 134c.7e0: New simple heap: #1 00b60000 LB 0x400000 (for 1544192 allocation) 134c.7e0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 134c.7e0: System32: \Device\HarddiskVolume3\Windows\System32 134c.7e0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 134c.7e0: KnownDllPath: C:\WINDOWS\system32 134c.7e0: supR3HardenedVmProcessInit: Opening vboxdrv stub... 134c.7e0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 134c.7e0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 134c.7e0: Registered Dll notification callback with NTDLL. 134c.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 134c.7e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 134c.7e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801: [calling] 134c.7e0: supR3HardenedDllNotificationCallback: load 751c0000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 134c.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 134c.7e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 134c.7e0: supR3HardenedDllNotificationCallback: load 75a80000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 134c.7e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 134c.7e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a80000 'C:\WINDOWS\system32\KERNEL32.DLL' 134c.7e0: 
supR3HardenedDllNotificationCallback: load 00070000 LB 0x000ff000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 134c.7e0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 134c.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 134c.7e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77922e70 pvNtTerminateThread=77930f10 1258.1600: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 132 ms. 134c.7e0: \SystemRoot\System32\ntdll.dll: 134c.7e0: CreationTime: 2015-08-11T17:43:28.598759600Z 134c.7e0: LastWriteTime: 2015-08-08T06:59:45.320134700Z 134c.7e0: ChangeTime: 2015-08-14T18:58:38.110460300Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x176c38 134c.7e0: NT Headers: 0xf0 134c.7e0: Timestamp: 0x55c599e6 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55c599e6 134c.7e0: Image Version: 10.0 134c.7e0: SizeOfImage: 0x179000 (1544192) 134c.7e0: Resource Dir: 0x10e000 LB 0x65718 134c.7e0: ProductName: Microsoft® Windows® Operating System 134c.7e0: ProductVersion: 10.0.10240.16430 134c.7e0: FileVersion: 10.0.10240.16430 (th1.150807-2049) 134c.7e0: FileDescription: NT Layer DLL 134c.7e0: \SystemRoot\System32\kernel32.dll: 134c.7e0: CreationTime: 2015-07-10T08:24:38.139724700Z 134c.7e0: LastWriteTime: 2015-07-10T08:24:38.139724700Z 134c.7e0: ChangeTime: 2015-08-09T00:22:19.540168900Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x986b8 134c.7e0: NT Headers: 0xf8 134c.7e0: Timestamp: 0x559f3b86 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x559f3b86 134c.7e0: Image Version: 10.0 134c.7e0: SizeOfImage: 0x95000 (610304) 134c.7e0: Resource Dir: 0x8f000 LB 0x518 134c.7e0: ProductName: Microsoft® Windows® Operating System 134c.7e0: ProductVersion: 10.0.10240.16384 134c.7e0: FileVersion: 10.0.10240.16384 
(th1.150709-1700) 134c.7e0: FileDescription: Windows NT BASE API Client DLL 134c.7e0: \SystemRoot\System32\KernelBase.dll: 134c.7e0: CreationTime: 2015-07-10T08:24:56.031660300Z 134c.7e0: LastWriteTime: 2015-07-10T08:24:56.047288800Z 134c.7e0: ChangeTime: 2015-08-09T00:22:19.555793500Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x175610 134c.7e0: NT Headers: 0xf0 134c.7e0: Timestamp: 0x559f3b4c 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x559f3b4c 134c.7e0: Image Version: 10.0 134c.7e0: SizeOfImage: 0x177000 (1536000) 134c.7e0: Resource Dir: 0x15b000 LB 0x530 134c.7e0: ProductName: Microsoft® Windows® Operating System 134c.7e0: ProductVersion: 10.0.10240.16384 134c.7e0: FileVersion: 10.0.10240.16384 (th1.150709-1700) 134c.7e0: FileDescription: Windows NT BASE API Client DLL 134c.7e0: \SystemRoot\System32\apisetschema.dll: 134c.7e0: CreationTime: 2015-07-10T08:24:49.281165400Z 134c.7e0: LastWriteTime: 2015-07-10T08:24:49.281165400Z 134c.7e0: ChangeTime: 2015-08-09T00:22:17.555789100Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x16560 134c.7e0: NT Headers: 0xc8 134c.7e0: Timestamp: 0x559f4063 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x559f4063 134c.7e0: Image Version: 10.0 134c.7e0: SizeOfImage: 0x17000 (94208) 134c.7e0: Resource Dir: 0x16000 LB 0x3f0 134c.7e0: ProductName: Microsoft® Windows® Operating System 134c.7e0: ProductVersion: 10.0.10240.16384 134c.7e0: FileVersion: 10.0.10240.16384 (th1.150709-1700) 134c.7e0: FileDescription: ApiSet Schema DLL 134c.7e0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 134c.7e0: supR3HardenedWinFindAdversaries: 0x4 134c.7e0: \SystemRoot\System32\drivers\aswHwid.sys: 134c.7e0: CreationTime: 2014-08-01T17:41:53.540271500Z 134c.7e0: LastWriteTime: 2015-08-07T17:22:40.359690200Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.652887500Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x5dd0 134c.7e0: NT Headers: 0x260 134c.7e0: Timestamp: 0x55b6652c 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 
0x55b6652c 134c.7e0: Image Version: 6.0 134c.7e0: SizeOfImage: 0x3880 (14464) 134c.7e0: Resource Dir: 0x3200 LB 0x398 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 134c.7e0: FileDescription: avast! HWID 134c.7e0: \SystemRoot\System32\drivers\aswMonFlt.sys: 134c.7e0: CreationTime: 2013-11-02T07:48:09.634025400Z 134c.7e0: LastWriteTime: 2015-08-07T17:22:40.447694600Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.652887500Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x128e0 134c.7e0: NT Headers: 0xe8 134c.7e0: Timestamp: 0x55b6650d 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55b6650d 134c.7e0: Image Version: 6.0 134c.7e0: SizeOfImage: 0x1e000 (122880) 134c.7e0: Resource Dir: 0x1c000 LB 0x3c0 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 134c.7e0: FileDescription: avast! File System Minifilter for Windows 2003/Vista 134c.7e0: \SystemRoot\System32\drivers\aswRdr2.sys: 134c.7e0: CreationTime: 2013-11-02T07:48:09.630025300Z 134c.7e0: LastWriteTime: 2015-08-07T17:22:39.832660100Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.652887500Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x13f40 134c.7e0: NT Headers: 0xe0 134c.7e0: Timestamp: 0x55b6652b 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55b6652b 134c.7e0: Image Version: 6.1 134c.7e0: SizeOfImage: 0x19000 (102400) 134c.7e0: Resource Dir: 0x16000 LB 0x3a8 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 built by: WinDDK 134c.7e0: FileDescription: avast! 
WFP Redirect Driver 134c.7e0: \SystemRoot\System32\drivers\aswRvrt.sys: 134c.7e0: CreationTime: 2013-11-02T07:48:09.639025500Z 134c.7e0: LastWriteTime: 2015-08-07T17:22:40.567702000Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.652887500Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0xc270 134c.7e0: NT Headers: 0x258 134c.7e0: Timestamp: 0x55b664fe 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55b664fe 134c.7e0: Image Version: 6.0 134c.7e0: SizeOfImage: 0x9c80 (40064) 134c.7e0: Resource Dir: 0x9200 LB 0x398 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 134c.7e0: FileDescription: avast! Revert 134c.7e0: \SystemRoot\System32\drivers\aswSnx.sys: 134c.7e0: CreationTime: 2013-11-02T07:48:09.636025400Z 134c.7e0: LastWriteTime: 2015-08-07T17:20:57.421935200Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.668512900Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0xc0930 134c.7e0: NT Headers: 0xe0 134c.7e0: Timestamp: 0x55b6656c 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55b6656c 134c.7e0: Image Version: 6.0 134c.7e0: SizeOfImage: 0xc4000 (802816) 134c.7e0: Resource Dir: 0xb5000 LB 0x388 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 134c.7e0: FileDescription: avast! 
Virtualization Driver 134c.7e0: \SystemRoot\System32\drivers\aswsp.sys: 134c.7e0: CreationTime: 2013-11-02T07:48:09.641025500Z 134c.7e0: LastWriteTime: 2015-08-07T17:22:41.068729800Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.668512900Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x69c70 134c.7e0: NT Headers: 0x270 134c.7e0: Timestamp: 0x55b66b88 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55b66b88 134c.7e0: Image Version: 6.0 134c.7e0: SizeOfImage: 0x66d80 (421248) 134c.7e0: Resource Dir: 0x61e80 LB 0x380 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 134c.7e0: FileDescription: avast! self protection module 134c.7e0: \SystemRoot\System32\drivers\aswStm.sys: 134c.7e0: CreationTime: 2014-02-26T20:59:08.113358600Z 134c.7e0: LastWriteTime: 2015-08-07T17:22:42.254795700Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.668512900Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x1bbb8 134c.7e0: NT Headers: 0x108 134c.7e0: Timestamp: 0x55b66ba8 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55b66ba8 134c.7e0: Image Version: 6.2 134c.7e0: SizeOfImage: 0x1d000 (118784) 134c.7e0: Resource Dir: 0x1a000 LB 0x360 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 134c.7e0: FileDescription: Stream Filter 134c.7e0: \SystemRoot\System32\drivers\aswVmm.sys: 134c.7e0: CreationTime: 2013-11-02T07:48:09.643026000Z 134c.7e0: LastWriteTime: 2015-08-07T17:22:41.259740400Z 134c.7e0: ChangeTime: 2015-08-08T23:09:55.668512900Z 134c.7e0: FileAttributes: 0x20 134c.7e0: Size: 0x32f18 134c.7e0: NT Headers: 0x260 134c.7e0: Timestamp: 0x55b66b81 134c.7e0: Machine: 0x14c - i386 134c.7e0: Timestamp: 0x55b66b81 134c.7e0: Image Version: 6.0 134c.7e0: SizeOfImage: 0x30580 (198016) 134c.7e0: Resource Dir: 0x2dc80 LB 0x3a0 134c.7e0: ProductName: Avast Antivirus 134c.7e0: ProductVersion: 10.3.2225.1172 134c.7e0: FileVersion: 10.3.2225.1172 134c.7e0: 
FileDescription: avast! VM Monitor 134c.7e0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 134c.7e0: Calling main() 134c.7e0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 134c.7e0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 134c.7e0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 134c.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 134c.7e0: SUPR3HardenedMain: Respawn #2 134c.7e0: supR3HardNtEnableThreadCreation: 134c.7e0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77922e70 pvNtTerminateThread=77930f10 134c.7e0: supR3HardenedWinDoReSpawn(2): New child 12c8.804 [kernel32]. 134c.7e0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 134c.7e0: supR3HardNtChildGatherData: PebBaseAddress=7f434000 cbPeb=0x250 134c.7e0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=778b0000 uNtDllChildAddr=778b0000 134c.7e0: supR3HardenedWinSetupChildInit: uLdrInitThunk=77922e70 134c.7e0: supR3HardenedWinSetupChildInit: Start child. 134c.7e0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
134c.7e0: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 0 sleeps 134c.7e0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 134c.7e0: *00000000-fff8ffff 0x0001/0x0000 0x0000000 134c.7e0: *00070000-00070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 00071000-000e6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 000e7000-000e7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 000e8000-00121fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 00122000-00122fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 00123000-00123fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 00124000-00124fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 00125000-00125fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 00126000-00127fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 00128000-0012afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 0012b000-0016efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 134c.7e0: 0016f000-ffaddfff 0x0001/0x0000 0x0000000 134c.7e0: *00800000-007dffff 0x0004/0x0004 0x0020000 134c.7e0: *00820000-0080bfff 0x0002/0x0002 0x0040000 134c.7e0: 00834000-00827fff 0x0001/0x0000 0x0000000 134c.7e0: *00840000-00742fff 0x0000/0x0004 0x0020000 134c.7e0: 0093d000-0093afff 0x0104/0x0004 0x0020000 134c.7e0: 0093f000-0093dfff 0x0004/0x0004 0x0020000 134c.7e0: *00940000-0093bfff 0x0002/0x0002 0x0040000 134c.7e0: 00944000-00937fff 
0x0001/0x0000 0x0000000 134c.7e0: *00950000-0094dfff 0x0004/0x0004 0x0020000 134c.7e0: 00952000-899f3fff 0x0001/0x0000 0x0000000 134c.7e0: *778b0000-778b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 134c.7e0: 778b1000-779b5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 134c.7e0: 779b6000-779bafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 134c.7e0: 779bb000-779bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 134c.7e0: 779bc000-779bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 134c.7e0: 779be000-77a28fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 134c.7e0: 77a29000-70041fff 0x0001/0x0000 0x0000000 134c.7e0: *7f410000-7f3ecfff 0x0002/0x0002 0x0040000 134c.7e0: 7f433000-7f431fff 0x0001/0x0000 0x0000000 134c.7e0: *7f434000-7f432fff 0x0004/0x0004 0x0020000 134c.7e0: 7f435000-7f42afff 0x0001/0x0000 0x0000000 134c.7e0: *7f43f000-7f43dfff 0x0004/0x0004 0x0020000 134c.7e0: 7f440000-7e89ffff 0x0001/0x0000 0x0000000 134c.7e0: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 134c.7e0: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 134c.7e0: VirtualBox.exe: timestamp 0x55c8192d (rc=VINF_SUCCESS) 134c.7e0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 134c.7e0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 134c.7e0: supR3HardNtChildPurify: Done after 567 ms and 0 fixes (loop #0). 
12c8.804: Log file opened: 5.0.1r102010 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000 12c8.804: supR3HardenedVmProcessInit: uNtDllAddr=778b0000 134c.7e0: supR3HardenedEarlyCompact: Removed heap 1 (0xb60000 LB 0x400000) 134c.7e0: supR3HardNtEnableThreadCreation: 12c8.804: ntdll.dll: timestamp 0x55c599e6 (rc=VINF_SUCCESS) 12c8.804: New simple heap: #1 00a60000 LB 0x400000 (for 1544192 allocation) 12c8.804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 12c8.804: System32: \Device\HarddiskVolume3\Windows\System32 12c8.804: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 12c8.804: KnownDllPath: C:\WINDOWS\system32 12c8.804: supR3HardenedVmProcessInit: Opening vboxdrv... 12c8.804: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 12c8.804: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 12c8.804: Registered Dll notification callback with NTDLL. 12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801: [calling] 12c8.804: supR3HardenedDllNotificationCallback: load 751c0000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 12c8.804: supR3HardenedDllNotificationCallback: load 75a80000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a80000 
'C:\WINDOWS\system32\KERNEL32.DLL'
12c8.804: supR3HardenedDllNotificationCallback: load 00070000 LB 0x000ff000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
12c8.804: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12c8.804: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77922e70 pvNtTerminateThread=77930f10
134c.7e0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 130 ms.
12c8.804: \SystemRoot\System32\ntdll.dll:
12c8.804: CreationTime: 2015-08-11T17:43:28.598759600Z
12c8.804: LastWriteTime: 2015-08-08T06:59:45.320134700Z
12c8.804: ChangeTime: 2015-08-14T18:58:38.110460300Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x176c38
12c8.804: NT Headers: 0xf0
12c8.804: Timestamp: 0x55c599e6
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55c599e6
12c8.804: Image Version: 10.0
12c8.804: SizeOfImage: 0x179000 (1544192)
12c8.804: Resource Dir: 0x10e000 LB 0x65718
12c8.804: ProductName: Microsoft® Windows® Operating System
12c8.804: ProductVersion: 10.0.10240.16430
12c8.804: FileVersion: 10.0.10240.16430 (th1.150807-2049)
12c8.804: FileDescription: NT Layer DLL
12c8.804: \SystemRoot\System32\kernel32.dll:
12c8.804: CreationTime: 2015-07-10T08:24:38.139724700Z
12c8.804: LastWriteTime: 2015-07-10T08:24:38.139724700Z
12c8.804: ChangeTime: 2015-08-09T00:22:19.540168900Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x986b8
12c8.804: NT Headers: 0xf8
12c8.804: Timestamp: 0x559f3b86
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x559f3b86
12c8.804: Image Version: 10.0
12c8.804: SizeOfImage: 0x95000 (610304)
12c8.804: Resource Dir: 0x8f000 LB 0x518
12c8.804: ProductName: Microsoft® Windows® Operating System
12c8.804: ProductVersion: 10.0.10240.16384
12c8.804: FileVersion: 10.0.10240.16384 (th1.150709-1700)
12c8.804: FileDescription: Windows NT BASE API Client DLL
12c8.804: \SystemRoot\System32\KernelBase.dll:
12c8.804: CreationTime: 2015-07-10T08:24:56.031660300Z
12c8.804: LastWriteTime: 2015-07-10T08:24:56.047288800Z
12c8.804: ChangeTime: 2015-08-09T00:22:19.555793500Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x175610
12c8.804: NT Headers: 0xf0
12c8.804: Timestamp: 0x559f3b4c
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x559f3b4c
12c8.804: Image Version: 10.0
12c8.804: SizeOfImage: 0x177000 (1536000)
12c8.804: Resource Dir: 0x15b000 LB 0x530
12c8.804: ProductName: Microsoft® Windows® Operating System
12c8.804: ProductVersion: 10.0.10240.16384
12c8.804: FileVersion: 10.0.10240.16384 (th1.150709-1700)
12c8.804: FileDescription: Windows NT BASE API Client DLL
12c8.804: \SystemRoot\System32\apisetschema.dll:
12c8.804: CreationTime: 2015-07-10T08:24:49.281165400Z
12c8.804: LastWriteTime: 2015-07-10T08:24:49.281165400Z
12c8.804: ChangeTime: 2015-08-09T00:22:17.555789100Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x16560
12c8.804: NT Headers: 0xc8
12c8.804: Timestamp: 0x559f4063
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x559f4063
12c8.804: Image Version: 10.0
12c8.804: SizeOfImage: 0x17000 (94208)
12c8.804: Resource Dir: 0x16000 LB 0x3f0
12c8.804: ProductName: Microsoft® Windows® Operating System
12c8.804: ProductVersion: 10.0.10240.16384
12c8.804: FileVersion: 10.0.10240.16384 (th1.150709-1700)
12c8.804: FileDescription: ApiSet Schema DLL
12c8.804: NtOpenDirectoryObject failed on \Driver: 0xc0000022
12c8.804: supR3HardenedWinFindAdversaries: 0x4
12c8.804: \SystemRoot\System32\drivers\aswHwid.sys:
12c8.804: CreationTime: 2014-08-01T17:41:53.540271500Z
12c8.804: LastWriteTime: 2015-08-07T17:22:40.359690200Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.652887500Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x5dd0
12c8.804: NT Headers: 0x260
12c8.804: Timestamp: 0x55b6652c
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b6652c
12c8.804: Image Version: 6.0
12c8.804: SizeOfImage: 0x3880 (14464)
12c8.804: Resource Dir: 0x3200 LB 0x398
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172
12c8.804: FileDescription: avast! HWID
12c8.804: \SystemRoot\System32\drivers\aswMonFlt.sys:
12c8.804: CreationTime: 2013-11-02T07:48:09.634025400Z
12c8.804: LastWriteTime: 2015-08-07T17:22:40.447694600Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.652887500Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x128e0
12c8.804: NT Headers: 0xe8
12c8.804: Timestamp: 0x55b6650d
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b6650d
12c8.804: Image Version: 6.0
12c8.804: SizeOfImage: 0x1e000 (122880)
12c8.804: Resource Dir: 0x1c000 LB 0x3c0
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172
12c8.804: FileDescription: avast! File System Minifilter for Windows 2003/Vista
12c8.804: \SystemRoot\System32\drivers\aswRdr2.sys:
12c8.804: CreationTime: 2013-11-02T07:48:09.630025300Z
12c8.804: LastWriteTime: 2015-08-07T17:22:39.832660100Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.652887500Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x13f40
12c8.804: NT Headers: 0xe0
12c8.804: Timestamp: 0x55b6652b
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b6652b
12c8.804: Image Version: 6.1
12c8.804: SizeOfImage: 0x19000 (102400)
12c8.804: Resource Dir: 0x16000 LB 0x3a8
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172 built by: WinDDK
12c8.804: FileDescription: avast! WFP Redirect Driver
12c8.804: \SystemRoot\System32\drivers\aswRvrt.sys:
12c8.804: CreationTime: 2013-11-02T07:48:09.639025500Z
12c8.804: LastWriteTime: 2015-08-07T17:22:40.567702000Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.652887500Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0xc270
12c8.804: NT Headers: 0x258
12c8.804: Timestamp: 0x55b664fe
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b664fe
12c8.804: Image Version: 6.0
12c8.804: SizeOfImage: 0x9c80 (40064)
12c8.804: Resource Dir: 0x9200 LB 0x398
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172
12c8.804: FileDescription: avast! Revert
12c8.804: \SystemRoot\System32\drivers\aswSnx.sys:
12c8.804: CreationTime: 2013-11-02T07:48:09.636025400Z
12c8.804: LastWriteTime: 2015-08-07T17:20:57.421935200Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.668512900Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0xc0930
12c8.804: NT Headers: 0xe0
12c8.804: Timestamp: 0x55b6656c
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b6656c
12c8.804: Image Version: 6.0
12c8.804: SizeOfImage: 0xc4000 (802816)
12c8.804: Resource Dir: 0xb5000 LB 0x388
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172
12c8.804: FileDescription: avast! Virtualization Driver
12c8.804: \SystemRoot\System32\drivers\aswsp.sys:
12c8.804: CreationTime: 2013-11-02T07:48:09.641025500Z
12c8.804: LastWriteTime: 2015-08-07T17:22:41.068729800Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.668512900Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x69c70
12c8.804: NT Headers: 0x270
12c8.804: Timestamp: 0x55b66b88
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b66b88
12c8.804: Image Version: 6.0
12c8.804: SizeOfImage: 0x66d80 (421248)
12c8.804: Resource Dir: 0x61e80 LB 0x380
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172
12c8.804: FileDescription: avast! self protection module
12c8.804: \SystemRoot\System32\drivers\aswStm.sys:
12c8.804: CreationTime: 2014-02-26T20:59:08.113358600Z
12c8.804: LastWriteTime: 2015-08-07T17:22:42.254795700Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.668512900Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x1bbb8
12c8.804: NT Headers: 0x108
12c8.804: Timestamp: 0x55b66ba8
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b66ba8
12c8.804: Image Version: 6.2
12c8.804: SizeOfImage: 0x1d000 (118784)
12c8.804: Resource Dir: 0x1a000 LB 0x360
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172
12c8.804: FileDescription: Stream Filter
12c8.804: \SystemRoot\System32\drivers\aswVmm.sys:
12c8.804: CreationTime: 2013-11-02T07:48:09.643026000Z
12c8.804: LastWriteTime: 2015-08-07T17:22:41.259740400Z
12c8.804: ChangeTime: 2015-08-08T23:09:55.668512900Z
12c8.804: FileAttributes: 0x20
12c8.804: Size: 0x32f18
12c8.804: NT Headers: 0x260
12c8.804: Timestamp: 0x55b66b81
12c8.804: Machine: 0x14c - i386
12c8.804: Timestamp: 0x55b66b81
12c8.804: Image Version: 6.0
12c8.804: SizeOfImage: 0x30580 (198016)
12c8.804: Resource Dir: 0x2dc80 LB 0x3a0
12c8.804: ProductName: Avast Antivirus
12c8.804: ProductVersion: 10.3.2225.1172
12c8.804: FileVersion: 10.3.2225.1172
12c8.804: FileDescription: avast! VM Monitor
12c8.804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
12c8.804: Calling main()
12c8.804: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
12c8.804: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
12c8.804: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
12c8.804: SUPR3HardenedMain: Final process, opening VBoxDrv...
12c8.804: supR3HardenedEarlyCompact: Removed heap 1 (0xa60000 LB 0x400000)
12c8.804: supR3HardNtEnableThreadCreation:
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling]
12c8.804: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 696e0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=696e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=696e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=696e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
12c8.804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12c8.804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling]
12c8.804: supR3HardenedDllNotificationCallback: load 772e0000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 74a60000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 75040000 LB 0x00175000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 76f90000 LB 0x000c2000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 75340000 LB 0x00042000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\WINDOWS\system32\Wintrust.dll'
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling]
12c8.804: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 74960000 LB 0x0001d000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74960000 'C:\WINDOWS\system32\bcrypt.dll'
12c8.804: bcrypt.dll loaded at 74960000, BCryptOpenAlgorithmProvider at 74965cc0, preloading providers:
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 74880000 LB 0x00059000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74880000 'C:\WINDOWS\system32\bcryptprimitives.dll'
12c8.804: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00e690b8)
12c8.804: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00e695f8)
12c8.804: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00e698b0)
12c8.804: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00e69b68)
12c8.804: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00e69e20)
12c8.804: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00e6a0d8)
12c8.804: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00e6a390)
12c8.804: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00e6add0)
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
12c8.804: supR3HardenedDllNotificationCallback: load 743c0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12c8.804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12c8.804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedDllNotificationCallback: load 740a0000 LB 0x0002f000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\WINDOWS\system32\rsaenh.dll'
12c8.804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
12c8.804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
12c8.804: supR3HardenedDllNotificationCallback: load 744f0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
12c8.804: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
12c8.804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a80000 'C:\WINDOWS\system32\kernel32.dll'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\System32\WINTRUST.DLL'
12c8.804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12c8.804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000001: [calling]
12c8.804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75040000 'C:\WINDOWS\system32\CRYPT32.dll'
12c8.804: supR3HardenedDllNotificationCallback: load 77770000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
12c8.804: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
12c8.804: Error (rc=0):
12c8.804: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\imagehlp.dll:
12c8.804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
12c8.804: Fatal error:
12c8.804: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\imagehlp.dll' / '\??\C:\WINDOWS\system32\imagehlp.dll': 0xc0000190
134c.7e0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 198 ms, the end);
1258.1600: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 968 ms, the end);