20.d84: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000 20.d84: \SystemRoot\System32\ntdll.dll: 20.d84: CreationTime: 2015-08-12T07:51:08.915125600Z 20.d84: LastWriteTime: 2015-07-16T00:29:35.716166500Z 20.d84: ChangeTime: 2015-08-12T07:57:42.416690600Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x1a7958 20.d84: NT Headers: 0xd8 20.d84: Timestamp: 0x55a68e0c 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x55a68e0c 20.d84: Image Version: 6.3 20.d84: SizeOfImage: 0x1ac000 (1753088) 20.d84: Resource Dir: 0x148000 LB 0x62450 20.d84: ProductName: Microsoft® Windows® Operating System 20.d84: ProductVersion: 6.3.9600.17936 20.d84: FileVersion: 6.3.9600.17936 (winblue_ltsb.150715-0840) 20.d84: FileDescription: NT Layer DLL 20.d84: \SystemRoot\System32\kernel32.dll: 20.d84: CreationTime: 2015-08-11T11:25:36.121911300Z 20.d84: LastWriteTime: 2014-10-29T04:09:24.572407200Z 20.d84: ChangeTime: 2015-09-09T08:51:17.904577200Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x13fc30 20.d84: NT Headers: 0xf8 20.d84: Timestamp: 0x545054ca 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x545054ca 20.d84: Image Version: 6.3 20.d84: SizeOfImage: 0x13e000 (1302528) 20.d84: Resource Dir: 0x12e000 LB 0x518 20.d84: ProductName: Microsoft® Windows® Operating System 20.d84: ProductVersion: 6.3.9600.17415 20.d84: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 20.d84: FileDescription: Windows NT BASE API Client DLL 20.d84: \SystemRoot\System32\KernelBase.dll: 20.d84: CreationTime: 2015-08-11T11:26:27.920485100Z 20.d84: LastWriteTime: 2014-10-29T03:55:08.402989600Z 20.d84: ChangeTime: 2015-09-09T08:51:18.059506300Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x114a90 20.d84: NT Headers: 0xf0 20.d84: Timestamp: 0x54505737 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x54505737 20.d84: Image Version: 6.3 20.d84: SizeOfImage: 0x115000 (1134592) 20.d84: Resource Dir: 0x110000 LB 0x3528 20.d84: ProductName: Microsoft® Windows® Operating System 
20.d84: ProductVersion: 6.3.9600.17415 20.d84: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 20.d84: FileDescription: Windows NT BASE API Client DLL 20.d84: \SystemRoot\System32\apisetschema.dll: 20.d84: CreationTime: 2013-08-22T12:13:09.745625900Z 20.d84: LastWriteTime: 2013-08-22T12:35:12.091034400Z 20.d84: ChangeTime: 2015-08-10T13:59:38.952010500Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x11360 20.d84: NT Headers: 0xd0 20.d84: Timestamp: 0x52160049 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x52160049 20.d84: Image Version: 6.3 20.d84: SizeOfImage: 0x13000 (77824) 20.d84: Resource Dir: 0x11000 LB 0x3f8 20.d84: ProductName: Microsoft® Windows® Operating System 20.d84: ProductVersion: 6.3.9600.16384 20.d84: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 20.d84: FileDescription: ApiSet Schema DLL 20.d84: Found driver KLIM6 (0x40) 20.d84: Found driver kl1 (0x40) 20.d84: Found driver kneps (0x40) 20.d84: supR3HardenedWinFindAdversaries: 0x40 20.d84: \SystemRoot\System32\drivers\kl1.sys: 20.d84: CreationTime: 2013-09-05T06:38:46.000000000Z 20.d84: LastWriteTime: 2013-09-05T06:38:46.000000000Z 20.d84: ChangeTime: 2015-08-11T14:13:34.079807000Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x75c460 20.d84: NT Headers: 0xe0 20.d84: Timestamp: 0x522826d2 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x522826d2 20.d84: Image Version: 0.0 20.d84: SizeOfImage: 0x75e000 (7725056) 20.d84: Resource Dir: 0x75c000 LB 0x448 20.d84: ProductName: Kaspersky Anti-Virus 20.d84: ProductVersion: 6.0.1.990 20.d84: FileVersion: 6.8.0.27 20.d84: FileDescription: Kaspersky Unified Driver 20.d84: \SystemRoot\System32\drivers\klflt.sys: 20.d84: CreationTime: 2015-08-11T14:13:18.039219200Z 20.d84: LastWriteTime: 2015-08-11T14:13:18.039219200Z 20.d84: ChangeTime: 2015-08-11T14:13:20.206386600Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x18060 20.d84: NT Headers: 0xe8 20.d84: Timestamp: 0x52399b87 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x52399b87 20.d84: 
Image Version: 6.2 20.d84: SizeOfImage: 0x24000 (147456) 20.d84: Resource Dir: 0x22000 LB 0x378 20.d84: ProductName: Kaspersky™ Anti-Virus ® 20.d84: ProductVersion: 1.2.0.29 20.d84: FileVersion: 1.2.0.29 20.d84: FileDescription: Filter Core [fre_win8_x64] 20.d84: \SystemRoot\System32\drivers\klif.sys: 20.d84: CreationTime: 2015-08-11T14:13:18.070470200Z 20.d84: LastWriteTime: 2015-08-11T14:13:18.086094800Z 20.d84: ChangeTime: 2015-08-11T14:13:20.206386600Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0xa2660 20.d84: NT Headers: 0xf8 20.d84: Timestamp: 0x527a56b4 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x527a56b4 20.d84: Image Version: 6.2 20.d84: SizeOfImage: 0xaf000 (716800) 20.d84: Resource Dir: 0xad000 LB 0x388 20.d84: ProductName: Kaspersky™ Anti-Virus ® 20.d84: ProductVersion: 8.12.1.115 20.d84: FileVersion: 8.12.1.115 20.d84: FileDescription: Klif Mini-Filter [fre_win8_x64] 20.d84: \SystemRoot\System32\drivers\klim6.sys: 20.d84: CreationTime: 2013-07-11T07:54:12.000000000Z 20.d84: LastWriteTime: 2013-07-11T07:54:12.000000000Z 20.d84: ChangeTime: 2015-08-11T14:13:32.282909500Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x7660 20.d84: NT Headers: 0xe0 20.d84: Timestamp: 0x51de6494 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x51de6494 20.d84: Image Version: 6.2 20.d84: SizeOfImage: 0xa000 (40960) 20.d84: Resource Dir: 0x8000 LB 0x470 20.d84: ProductName: Kaspersky Anti-Virus 20.d84: ProductVersion: 6.0.1.990 20.d84: FileVersion: 8.0.0.71 20.d84: FileDescription: Kaspersky Lab Intermediate Network Driver 20.d84: \SystemRoot\System32\drivers\kneps.sys: 20.d84: CreationTime: 2013-07-01T13:18:10.000000000Z 20.d84: LastWriteTime: 2013-07-01T13:18:10.000000000Z 20.d84: ChangeTime: 2015-08-11T14:13:34.486061700Z 20.d84: FileAttributes: 0x20 20.d84: Size: 0x2b660 20.d84: NT Headers: 0x110 20.d84: Timestamp: 0x51d1814d 20.d84: Machine: 0x8664 - amd64 20.d84: Timestamp: 0x51d1814d 20.d84: Image Version: 6.1 20.d84: SizeOfImage: 0x2d000 (184320) 20.d84: 
Resource Dir: 0x2b000 LB 0x370 20.d84: ProductName: Kaspersky™ Anti-Virus ® 20.d84: ProductVersion: 5.2.1.1 20.d84: FileVersion: 5.2.1.1 built by: WinDDK 20.d84: FileDescription: KNEPS Power 20.d84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 20.d84: Calling main() 20.d84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 20.d84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 20.d84: SUPR3HardenedMain: Respawn #1 20.d84: System32: \Device\HarddiskVolume1\Windows\System32 20.d84: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 20.d84: KnownDllPath: C:\Windows\system32 20.d84: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 20.d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 20.d84: supR3HardNtEnableThreadCreation: 20.d84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc7f988ec0 pvNtTerminateThread=00007ffc7fa01700 20.d84: supR3HardenedWinDoReSpawn(1): New child 136c.1160 [kernel32]. 20.d84: supR3HardNtChildGatherData: PebBaseAddress=00007ff7bda6f000 cbPeb=0x388 20.d84: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc7f970000 uNtDllChildAddr=00007ffc7f970000 20.d84: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc7f988ec0 20.d84: supR3HardenedWinSetupChildInit: Start child. 20.d84: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
20.d84: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 49 sleeps 20.d84: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 
20.d84: VirtualBox.exe: timestamp 0x55eeaed7 (rc=VINF_SUCCESS) 20.d84: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 20.d84: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 20.d84: supR3HardNtChildPurify: Done after 598 ms and 0 fixes (loop #0). 136c.1160: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000 136c.1160: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc7f970000 136c.1160: ntdll.dll: timestamp 0x55a68e0c (rc=VINF_SUCCESS) 136c.1160: New simple heap: #1 00000000011e0000 LB 0x400000 (for 1753088 allocation) 20.d84: supR3HardNtEnableThreadCreation: 136c.1160: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 136c.1160: System32: \Device\HarddiskVolume1\Windows\System32 136c.1160: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 136c.1160: KnownDllPath: C:\Windows\system32 136c.1160: supR3HardenedVmProcessInit: Opening vboxdrv stub... 136c.1160: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 136c.1160: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 136c.1160: Registered Dll notification callback with NTDLL. 
136c.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 136c.1160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 136c.1160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 136c.1160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 136c.1160: supR3HardenedDllNotificationCallback: load 00007ffc7cba0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 136c.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 136c.1160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 136c.1160: supR3HardenedDllNotificationCallback: load 00007ffc7dd10000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0] 136c.1160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 136c.1160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7dd10000 'C:\Windows\system32\KERNEL32.DLL' 136c.1160: supR3HardenedDllNotificationCallback: load 00007ff7be1b0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 136c.1160: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 136c.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 136c.1160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 136c.1160: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc7f988ec0 pvNtTerminateThread=00007ffc7fa01700 20.d84: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 61 ms. 
136c.1160: \SystemRoot\System32\ntdll.dll: 136c.1160: CreationTime: 2015-08-12T07:51:08.915125600Z 136c.1160: LastWriteTime: 2015-07-16T00:29:35.716166500Z 136c.1160: ChangeTime: 2015-08-12T07:57:42.416690600Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x1a7958 136c.1160: NT Headers: 0xd8 136c.1160: Timestamp: 0x55a68e0c 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x55a68e0c 136c.1160: Image Version: 6.3 136c.1160: SizeOfImage: 0x1ac000 (1753088) 136c.1160: Resource Dir: 0x148000 LB 0x62450 136c.1160: ProductName: Microsoft® Windows® Operating System 136c.1160: ProductVersion: 6.3.9600.17936 136c.1160: FileVersion: 6.3.9600.17936 (winblue_ltsb.150715-0840) 136c.1160: FileDescription: NT Layer DLL 136c.1160: \SystemRoot\System32\kernel32.dll: 136c.1160: CreationTime: 2015-08-11T11:25:36.121911300Z 136c.1160: LastWriteTime: 2014-10-29T04:09:24.572407200Z 136c.1160: ChangeTime: 2015-09-09T08:51:17.904577200Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x13fc30 136c.1160: NT Headers: 0xf8 136c.1160: Timestamp: 0x545054ca 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x545054ca 136c.1160: Image Version: 6.3 136c.1160: SizeOfImage: 0x13e000 (1302528) 136c.1160: Resource Dir: 0x12e000 LB 0x518 136c.1160: ProductName: Microsoft® Windows® Operating System 136c.1160: ProductVersion: 6.3.9600.17415 136c.1160: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 136c.1160: FileDescription: Windows NT BASE API Client DLL 136c.1160: \SystemRoot\System32\KernelBase.dll: 136c.1160: CreationTime: 2015-08-11T11:26:27.920485100Z 136c.1160: LastWriteTime: 2014-10-29T03:55:08.402989600Z 136c.1160: ChangeTime: 2015-09-09T08:51:18.059506300Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x114a90 136c.1160: NT Headers: 0xf0 136c.1160: Timestamp: 0x54505737 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x54505737 136c.1160: Image Version: 6.3 136c.1160: SizeOfImage: 0x115000 (1134592) 136c.1160: Resource Dir: 0x110000 LB 0x3528 136c.1160: 
ProductName: Microsoft® Windows® Operating System 136c.1160: ProductVersion: 6.3.9600.17415 136c.1160: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 136c.1160: FileDescription: Windows NT BASE API Client DLL 136c.1160: \SystemRoot\System32\apisetschema.dll: 136c.1160: CreationTime: 2013-08-22T12:13:09.745625900Z 136c.1160: LastWriteTime: 2013-08-22T12:35:12.091034400Z 136c.1160: ChangeTime: 2015-08-10T13:59:38.952010500Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x11360 136c.1160: NT Headers: 0xd0 136c.1160: Timestamp: 0x52160049 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x52160049 136c.1160: Image Version: 6.3 136c.1160: SizeOfImage: 0x13000 (77824) 136c.1160: Resource Dir: 0x11000 LB 0x3f8 136c.1160: ProductName: Microsoft® Windows® Operating System 136c.1160: ProductVersion: 6.3.9600.16384 136c.1160: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 136c.1160: FileDescription: ApiSet Schema DLL 136c.1160: Found driver KLIM6 (0x40) 136c.1160: Found driver kl1 (0x40) 136c.1160: Found driver kneps (0x40) 136c.1160: supR3HardenedWinFindAdversaries: 0x40 136c.1160: \SystemRoot\System32\drivers\kl1.sys: 136c.1160: CreationTime: 2013-09-05T06:38:46.000000000Z 136c.1160: LastWriteTime: 2013-09-05T06:38:46.000000000Z 136c.1160: ChangeTime: 2015-08-11T14:13:34.079807000Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x75c460 136c.1160: NT Headers: 0xe0 136c.1160: Timestamp: 0x522826d2 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x522826d2 136c.1160: Image Version: 0.0 136c.1160: SizeOfImage: 0x75e000 (7725056) 136c.1160: Resource Dir: 0x75c000 LB 0x448 136c.1160: ProductName: Kaspersky Anti-Virus 136c.1160: ProductVersion: 6.0.1.990 136c.1160: FileVersion: 6.8.0.27 136c.1160: FileDescription: Kaspersky Unified Driver 136c.1160: \SystemRoot\System32\drivers\klflt.sys: 136c.1160: CreationTime: 2015-08-11T14:13:18.039219200Z 136c.1160: LastWriteTime: 2015-08-11T14:13:18.039219200Z 136c.1160: ChangeTime: 
2015-08-11T14:13:20.206386600Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x18060 136c.1160: NT Headers: 0xe8 136c.1160: Timestamp: 0x52399b87 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x52399b87 136c.1160: Image Version: 6.2 136c.1160: SizeOfImage: 0x24000 (147456) 136c.1160: Resource Dir: 0x22000 LB 0x378 136c.1160: ProductName: Kaspersky™ Anti-Virus ® 136c.1160: ProductVersion: 1.2.0.29 136c.1160: FileVersion: 1.2.0.29 136c.1160: FileDescription: Filter Core [fre_win8_x64] 136c.1160: \SystemRoot\System32\drivers\klif.sys: 136c.1160: CreationTime: 2015-08-11T14:13:18.070470200Z 136c.1160: LastWriteTime: 2015-08-11T14:13:18.086094800Z 136c.1160: ChangeTime: 2015-08-11T14:13:20.206386600Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0xa2660 136c.1160: NT Headers: 0xf8 136c.1160: Timestamp: 0x527a56b4 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x527a56b4 136c.1160: Image Version: 6.2 136c.1160: SizeOfImage: 0xaf000 (716800) 136c.1160: Resource Dir: 0xad000 LB 0x388 136c.1160: ProductName: Kaspersky™ Anti-Virus ® 136c.1160: ProductVersion: 8.12.1.115 136c.1160: FileVersion: 8.12.1.115 136c.1160: FileDescription: Klif Mini-Filter [fre_win8_x64] 136c.1160: \SystemRoot\System32\drivers\klim6.sys: 136c.1160: CreationTime: 2013-07-11T07:54:12.000000000Z 136c.1160: LastWriteTime: 2013-07-11T07:54:12.000000000Z 136c.1160: ChangeTime: 2015-08-11T14:13:32.282909500Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x7660 136c.1160: NT Headers: 0xe0 136c.1160: Timestamp: 0x51de6494 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x51de6494 136c.1160: Image Version: 6.2 136c.1160: SizeOfImage: 0xa000 (40960) 136c.1160: Resource Dir: 0x8000 LB 0x470 136c.1160: ProductName: Kaspersky Anti-Virus 136c.1160: ProductVersion: 6.0.1.990 136c.1160: FileVersion: 8.0.0.71 136c.1160: FileDescription: Kaspersky Lab Intermediate Network Driver 136c.1160: \SystemRoot\System32\drivers\kneps.sys: 136c.1160: CreationTime: 
2013-07-01T13:18:10.000000000Z 136c.1160: LastWriteTime: 2013-07-01T13:18:10.000000000Z 136c.1160: ChangeTime: 2015-08-11T14:13:34.486061700Z 136c.1160: FileAttributes: 0x20 136c.1160: Size: 0x2b660 136c.1160: NT Headers: 0x110 136c.1160: Timestamp: 0x51d1814d 136c.1160: Machine: 0x8664 - amd64 136c.1160: Timestamp: 0x51d1814d 136c.1160: Image Version: 6.1 136c.1160: SizeOfImage: 0x2d000 (184320) 136c.1160: Resource Dir: 0x2b000 LB 0x370 136c.1160: ProductName: Kaspersky™ Anti-Virus ® 136c.1160: ProductVersion: 5.2.1.1 136c.1160: FileVersion: 5.2.1.1 built by: WinDDK 136c.1160: FileDescription: KNEPS Power 136c.1160: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 136c.1160: Calling main() 136c.1160: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 136c.1160: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 136c.1160: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 136c.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 136c.1160: SUPR3HardenedMain: Respawn #2 136c.1160: supR3HardNtEnableThreadCreation: 136c.1160: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc7f988ec0 pvNtTerminateThread=00007ffc7fa01700 136c.1160: supR3HardenedWinDoReSpawn(2): New child 998.193c [kernel32]. 136c.1160: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 136c.1160: supR3HardNtChildGatherData: PebBaseAddress=00007ff7be185000 cbPeb=0x388 136c.1160: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc7f970000 uNtDllChildAddr=00007ffc7f970000 136c.1160: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc7f988ec0 136c.1160: supR3HardenedWinSetupChildInit: Start child. 136c.1160: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
136c.1160: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 26 sleeps 136c.1160: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 136c.1160: *0000000060000000-000000005fffcfff 0x0080/0x0080 0x0040000 !! 136c.1160: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000000060000000 (0000000060000000/0000000060000000 LB 0x3000) 
136c.1160: VirtualBox.exe: timestamp 0x55eeaed7 (rc=VINF_SUCCESS) 136c.1160: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 136c.1160: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 136c.1160: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x40 136c.1160: supR3HardNtChildPurify: Startup delay kludge #1/1: 522 ms, 27 sleeps 136c.1160: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 
136c.1160: supR3HardNtChildPurify: Done after 1101 ms and 1 fixes (loop #1). 998.193c: Log file opened: 5.0.4r102546 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000 998.193c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc7f970000 998.193c: ntdll.dll: timestamp 0x55a68e0c (rc=VINF_SUCCESS) 998.193c: New simple heap: #1 0000000000ab0000 LB 0x400000 (for 1753088 allocation) 136c.1160: supR3HardenedEarlyCompact: Removed heap 1 (0x000000011e0000 LB 0x400000) 136c.1160: supR3HardNtEnableThreadCreation: 998.193c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 998.193c: System32: \Device\HarddiskVolume1\Windows\System32 998.193c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 998.193c: KnownDllPath: C:\Windows\system32 998.193c: supR3HardenedVmProcessInit: Opening vboxdrv... 998.193c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 998.193c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 998.193c: Registered Dll notification callback with NTDLL. 
998.193c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 998.193c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 998.193c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 998.193c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 998.193c: supR3HardenedDllNotificationCallback: load 00007ffc7cba0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 998.193c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 998.193c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 998.193c: supR3HardenedDllNotificationCallback: load 00007ffc7dd10000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0] 998.193c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 998.193c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7dd10000 'C:\Windows\system32\KERNEL32.DLL' 998.193c: supR3HardenedDllNotificationCallback: load 00007ff7be1b0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 998.193c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 998.193c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 998.193c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 136c.1160: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 93 ms, CloseEvents); 20.d84: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, 
rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1215 ms, the end);