9974.94c0: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000238 g_uNtVerCombined=0x63258000 9974.94c0: \SystemRoot\System32\ntdll.dll: 9974.94c0: CreationTime: 2015-12-13T13:29:03.797225700Z 9974.94c0: LastWriteTime: 2015-12-13T13:29:03.816235700Z 9974.94c0: ChangeTime: 2015-12-13T14:16:49.586389800Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x1a7958 9974.94c0: NT Headers: 0xd8 9974.94c0: Timestamp: 0x5650b9bb 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x5650b9bb 9974.94c0: Image Version: 6.3 9974.94c0: SizeOfImage: 0x1ac000 (1753088) 9974.94c0: Resource Dir: 0x148000 LB 0x62450 9974.94c0: ProductName: Microsoft® Windows® Operating System 9974.94c0: ProductVersion: 6.3.9600.18146 9974.94c0: FileVersion: 6.3.9600.18146 (winblue_ltsb.151121-0600) 9974.94c0: FileDescription: NT Layer DLL 9974.94c0: \SystemRoot\System32\kernel32.dll: 9974.94c0: CreationTime: 2015-03-14T20:24:53.660703000Z 9974.94c0: LastWriteTime: 2015-03-14T20:24:53.675711600Z 9974.94c0: ChangeTime: 2015-12-13T14:17:30.550710900Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x13fc30 9974.94c0: NT Headers: 0xf8 9974.94c0: Timestamp: 0x545054ca 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x545054ca 9974.94c0: Image Version: 6.3 9974.94c0: SizeOfImage: 0x13e000 (1302528) 9974.94c0: Resource Dir: 0x12e000 LB 0x518 9974.94c0: ProductName: Microsoft® Windows® Operating System 9974.94c0: ProductVersion: 6.3.9600.17415 9974.94c0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 9974.94c0: FileDescription: Windows NT BASE API Client DLL 9974.94c0: \SystemRoot\System32\KernelBase.dll: 9974.94c0: CreationTime: 2015-03-14T20:25:09.010491400Z 9974.94c0: LastWriteTime: 2015-03-14T20:25:09.027501400Z 9974.94c0: ChangeTime: 2015-12-13T14:17:30.872262900Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x114a90 9974.94c0: NT Headers: 0xf0 9974.94c0: Timestamp: 0x54505737 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x54505737 9974.94c0: Image Version: 6.3 9974.94c0: SizeOfImage: 0x115000 (1134592) 9974.94c0: Resource Dir: 0x110000 LB 0x3528 9974.94c0: ProductName: Microsoft® Windows® Operating System 9974.94c0: ProductVersion: 6.3.9600.17415 9974.94c0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 9974.94c0: FileDescription: Windows NT BASE API Client DLL 9974.94c0: \SystemRoot\System32\apisetschema.dll: 9974.94c0: CreationTime: 2013-08-22T12:13:09.745625900Z 9974.94c0: LastWriteTime: 2013-08-22T12:35:12.091034400Z 9974.94c0: ChangeTime: 2014-04-14T23:08:56.536511300Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x11360 9974.94c0: NT Headers: 0xd0 9974.94c0: Timestamp: 0x52160049 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x52160049 9974.94c0: Image Version: 6.3 9974.94c0: SizeOfImage: 0x13000 (77824) 9974.94c0: Resource Dir: 0x11000 LB 0x3f8 9974.94c0: ProductName: Microsoft® Windows® Operating System 9974.94c0: ProductVersion: 6.3.9600.16384 9974.94c0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 9974.94c0: FileDescription: ApiSet Schema DLL 9974.94c0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 9974.94c0: supR3HardenedWinFindAdversaries: 0x880 9974.94c0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 9974.94c0: CreationTime: 2014-04-14T02:00:54.365714500Z 9974.94c0: LastWriteTime: 2016-03-11T11:35:07.512306600Z 9974.94c0: ChangeTime: 2016-03-11T11:35:07.512306600Z 9974.94c0: FileAttributes: 0x2020 9974.94c0: Size: 0x2eed8 9974.94c0: NT Headers: 0xe0 9974.94c0: Timestamp: 0x55b855d9 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55b855d9 9974.94c0: Image Version: 6.1 9974.94c0: SizeOfImage: 0x33000 (208896) 9974.94c0: Resource Dir: 0x31000 LB 0x3b8 9974.94c0: ProductName: Malwarebytes Anti-Malware 9974.94c0: ProductVersion: 0.3.0.0 9974.94c0: FileVersion: 0.3.0.0 9974.94c0: FileDescription: Malwarebytes Anti-Malware 9974.94c0: \SystemRoot\System32\drivers\mwac.sys: 9974.94c0: CreationTime: 2014-04-14T01:59:19.936766400Z 9974.94c0: LastWriteTime: 2015-10-13T21:47:21.646896700Z 9974.94c0: ChangeTime: 2015-10-13T21:47:21.646896700Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0xfad8 9974.94c0: NT Headers: 0xe0 9974.94c0: Timestamp: 0x53a0f444 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x53a0f444 9974.94c0: Image Version: 6.2 9974.94c0: SizeOfImage: 0x13000 (77824) 9974.94c0: Resource Dir: 0x11000 LB 0x3e0 9974.94c0: ProductName: Malwarebytes Web Access Control 9974.94c0: ProductVersion: 1.0.6.0 9974.94c0: FileVersion: 1.0.6.0 9974.94c0: FileDescription: Malwarebytes Web Access Control 9974.94c0: \SystemRoot\System32\drivers\mbamchameleon.sys: 9974.94c0: CreationTime: 2014-04-14T01:59:19.936766400Z 9974.94c0: LastWriteTime: 2015-10-13T21:47:21.751957800Z 9974.94c0: ChangeTime: 2015-10-13T21:47:21.751957800Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x1aad8 9974.94c0: NT Headers: 0xd8 9974.94c0: Timestamp: 0x55c103c3 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55c103c3 9974.94c0: Image Version: 6.1 9974.94c0: SizeOfImage: 0x1e000 (122880) 9974.94c0: Resource Dir: 0x1c000 LB 0xba8 9974.94c0: ProductName: Malwarebytes Chameleon 9974.94c0: ProductVersion: 1.1.21.0 9974.94c0: FileVersion: 1.1.21.0 9974.94c0: FileDescription: Malwarebytes Chameleon Protection Driver 9974.94c0: \SystemRoot\System32\drivers\mbam.sys: 9974.94c0: CreationTime: 2014-04-14T01:59:19.921141100Z 9974.94c0: LastWriteTime: 2015-10-13T21:47:21.624886700Z 9974.94c0: ChangeTime: 2015-10-13T21:47:21.624886700Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x64d8 9974.94c0: NT Headers: 0xd8 9974.94c0: Timestamp: 0x55ca3257 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55ca3257 9974.94c0: Image Version: 6.1 9974.94c0: SizeOfImage: 0xa000 (40960) 9974.94c0: Resource Dir: 0x8000 LB 0x3a0 9974.94c0: ProductName: Malwarebytes Anti-Malware 9974.94c0: ProductVersion: 0.1.16.0 9974.94c0: FileVersion: 0.1.16.0 9974.94c0: FileDescription: Malwarebytes Anti-Malware 9974.94c0: \SystemRoot\System32\drivers\cmdguard.sys: 9974.94c0: CreationTime: 2014-03-26T03:22:54.000000000Z 9974.94c0: LastWriteTime: 2015-11-18T17:14:52.838600000Z 9974.94c0: ChangeTime: 2015-11-20T18:52:47.879818700Z 9974.94c0: FileAttributes: 0x2020 9974.94c0: Size: 0xca2f0 9974.94c0: NT Headers: 0xe0 9974.94c0: Timestamp: 0x564cabab 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x564cabab 9974.94c0: Image Version: 6.2 9974.94c0: SizeOfImage: 0xd6000 (876544) 9974.94c0: Resource Dir: 0xd3000 LB 0x3c8 9974.94c0: ProductName: COMODO Internet Security Sandbox Driver 9974.94c0: ProductVersion: 8, 2, 0, 4789 9974.94c0: FileVersion: 8, 2, 0, 4789 9974.94c0: FileDescription: COMODO Internet Security Sandbox Driver 9974.94c0: \SystemRoot\System32\drivers\cmderd.sys: 9974.94c0: CreationTime: 2014-03-26T03:22:54.000000000Z 9974.94c0: LastWriteTime: 2015-11-18T17:14:49.827800000Z 9974.94c0: ChangeTime: 2015-11-20T18:52:48.468156100Z 9974.94c0: FileAttributes: 0x2020 9974.94c0: Size: 0x54d8 9974.94c0: NT Headers: 0xd0 9974.94c0: Timestamp: 0x564cab95 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x564cab95 9974.94c0: Image Version: 6.2 9974.94c0: SizeOfImage: 0xa000 (40960) 9974.94c0: Resource Dir: 0x8000 LB 0x3d0 9974.94c0: ProductName: COMODO Internet Security Eradication Driver 9974.94c0: ProductVersion: 8, 2, 0, 4789 9974.94c0: FileVersion: 8, 2, 0, 4789 9974.94c0: FileDescription: COMODO Internet Security Eradication Driver 9974.94c0: \SystemRoot\System32\drivers\inspect.sys: 9974.94c0: CreationTime: 2014-03-26T03:22:56.000000000Z 9974.94c0: LastWriteTime: 2015-08-05T00:31:51.095200000Z 9974.94c0: ChangeTime: 2015-08-07T11:55:20.860859700Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x1f100 9974.94c0: NT Headers: 0xd8 9974.94c0: Timestamp: 0x55c148ef 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55c148ef 9974.94c0: Image Version: 6.2 9974.94c0: SizeOfImage: 0x22000 (139264) 9974.94c0: Resource Dir: 0x20000 LB 0x3c8 9974.94c0: ProductName: COMODO Internet Security Firewall Driver 9974.94c0: ProductVersion: 8, 2, 0, 4674 9974.94c0: FileVersion: 8, 2, 0, 4674 9974.94c0: FileDescription: COMODO Internet Security Firewall Driver 9974.94c0: \SystemRoot\System32\drivers\cmdhlp.sys: 9974.94c0: CreationTime: 2014-03-26T03:22:56.000000000Z 9974.94c0: LastWriteTime: 2015-08-05T00:31:48.115600000Z 9974.94c0: ChangeTime: 2015-08-07T11:55:19.985357700Z 9974.94c0: FileAttributes: 0x2020 9974.94c0: Size: 0x88f0 9974.94c0: NT Headers: 0xd8 9974.94c0: Timestamp: 0x55c148f4 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55c148f4 9974.94c0: Image Version: 6.2 9974.94c0: SizeOfImage: 0xc000 (49152) 9974.94c0: Resource Dir: 0xa000 LB 0x3c0 9974.94c0: ProductName: COMODO Internet Security Helper Driver 9974.94c0: ProductVersion: 8, 2, 0, 4674 9974.94c0: FileVersion: 8, 2, 0, 4674 9974.94c0: FileDescription: COMODO Internet Security Helper Driver 9974.94c0: \SystemRoot\System32\guard64.dll: 9974.94c0: CreationTime: 2014-03-26T03:22:36.000000000Z 9974.94c0: LastWriteTime: 2015-09-03T11:52:00.103200000Z 9974.94c0: ChangeTime: 2015-09-07T17:46:58.439561400Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0x8d750 9974.94c0: NT Headers: 0x118 9974.94c0: Timestamp: 0x55e818af 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55e818af 9974.94c0: Image Version: 0.0 9974.94c0: SizeOfImage: 0x96000 (614400) 9974.94c0: Resource Dir: 0x93000 LB 0xd80 9974.94c0: ProductName: COMODO Internet Security 9974.94c0: ProductVersion: 8, 2, 0, 4703 9974.94c0: FileVersion: 8, 2, 0, 4703 9974.94c0: FileDescription: COMODO Internet Security 9974.94c0: \SystemRoot\System32\cmdvrt64.dll: 9974.94c0: CreationTime: 2014-03-26T03:22:30.000000000Z 9974.94c0: LastWriteTime: 2015-08-05T00:28:50.806000000Z 9974.94c0: ChangeTime: 2015-08-07T11:55:24.608002500Z 9974.94c0: FileAttributes: 0x2020 9974.94c0: Size: 0x576c0 9974.94c0: NT Headers: 0x100 9974.94c0: Timestamp: 0x55c1491b 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55c1491b 9974.94c0: Image Version: 0.0 9974.94c0: SizeOfImage: 0x5d000 (380928) 9974.94c0: Resource Dir: 0x5b000 LB 0x5ac 9974.94c0: ProductName: COMODO Internet Security 9974.94c0: ProductVersion: 8, 2, 0, 4674 9974.94c0: FileVersion: 8, 2, 0, 4674 9974.94c0: FileDescription: COMODO Internet Security 9974.94c0: \SystemRoot\System32\cmdkbd64.dll: 9974.94c0: CreationTime: 2014-03-26T03:22:30.000000000Z 9974.94c0: LastWriteTime: 2015-08-05T00:28:20.760400000Z 9974.94c0: ChangeTime: 2015-08-07T11:55:25.549541300Z 9974.94c0: FileAttributes: 0x2020 9974.94c0: Size: 0xb2c0 9974.94c0: NT Headers: 0xe8 9974.94c0: Timestamp: 0x55c14914 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55c14914 9974.94c0: Image Version: 0.0 9974.94c0: SizeOfImage: 0xf000 (61440) 9974.94c0: Resource Dir: 0xd000 LB 0x5ac 9974.94c0: ProductName: COMODO Internet Security 9974.94c0: ProductVersion: 8, 2, 0, 4674 9974.94c0: FileVersion: 8, 2, 0, 4674 9974.94c0: FileDescription: COMODO Internet Security 9974.94c0: \SystemRoot\System32\cmdcsr.dll: 9974.94c0: CreationTime: 2014-03-26T03:22:38.000000000Z 9974.94c0: LastWriteTime: 2015-08-05T00:29:56.903200000Z 9974.94c0: ChangeTime: 2015-08-07T11:55:25.881731700Z 9974.94c0: FileAttributes: 0x20 9974.94c0: Size: 0xa108 9974.94c0: NT Headers: 0xd8 9974.94c0: Timestamp: 0x55c14910 9974.94c0: Machine: 0x8664 - amd64 9974.94c0: Timestamp: 0x55c14910 9974.94c0: Image Version: 0.0 9974.94c0: SizeOfImage: 0xc000 (49152) 9974.94c0: Resource Dir: 0xa000 LB 0x4a8 9974.94c0: ProductName: COMODO Internet Security 9974.94c0: ProductVersion: 8, 2, 0, 4674 9974.94c0: FileVersion: 8, 2, 0, 4674 9974.94c0: FileDescription: COMODO Internet Security 9974.94c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 9974.94c0: Calling main() 9974.94c0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 9974.94c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 9974.94c0: SUPR3HardenedMain: Respawn #1 9974.94c0: System32: \Device\HarddiskVolume2\Windows\System32 9974.94c0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 9974.94c0: KnownDllPath: C:\WINDOWS\system32 9974.94c0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 9974.94c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 9974.94c0: supR3HardNtEnableThreadCreation: 9974.94c0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9a228bf0 pvNtTerminateThread=00007ffa9a2a1350 9974.94c0: supR3HardenedWinDoReSpawn(1): New child 9b9c.9ba0 [kernel32]. 9974.94c0: supR3HardNtChildGatherData: PebBaseAddress=00007ff6c673e000 cbPeb=0x388 9974.94c0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9a210000 uNtDllChildAddr=00007ffa9a210000 9974.94c0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9a228bf0 9974.94c0: supR3HardenedWinSetupChildInit: Start child. 9974.94c0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 9974.94c0: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 58 sleeps 9974.94c0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 9974.94c0: *0000000000000000-ffffffffff84ffff 0x0001/0x0000 0x0000000 9974.94c0: *00000000007b0000-000000000078ffff 0x0004/0x0004 0x0020000 9974.94c0: *00000000007d0000-00000000007c0fff 0x0002/0x0002 0x0040000 9974.94c0: 00000000007df000-00000000007ddfff 0x0001/0x0000 0x0000000 9974.94c0: *00000000007e0000-00000000006e3fff 0x0000/0x0004 0x0020000 9974.94c0: 00000000008dc000-00000000008d8fff 0x0104/0x0004 0x0020000 9974.94c0: 00000000008df000-00000000008ddfff 0x0004/0x0004 0x0020000 9974.94c0: *00000000008e0000-00000000008dbfff 0x0002/0x0002 0x0040000 9974.94c0: 00000000008e4000-00000000008d7fff 0x0001/0x0000 0x0000000 9974.94c0: *00000000008f0000-00000000008edfff 0x0004/0x0004 0x0020000 9974.94c0: 00000000008f2000-ffffffff81203fff 0x0001/0x0000 0x0000000 9974.94c0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 9974.94c0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 9974.94c0: 000000007fff0000-ffff800a398cffff 0x0001/0x0000 0x0000000 9974.94c0: *00007ff6c6710000-00007ff6c66ecfff 0x0002/0x0002 0x0040000 9974.94c0: 00007ff6c6733000-00007ff6c6729fff 0x0001/0x0000 0x0000000 9974.94c0: *00007ff6c673c000-00007ff6c6739fff 0x0004/0x0004 0x0020000 9974.94c0: *00007ff6c673e000-00007ff6c673cfff 0x0004/0x0004 0x0020000 9974.94c0: 00007ff6c673f000-00007ff6c58fdfff 0x0001/0x0000 0x0000000 9974.94c0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7608000-00007ff6c7608fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7654000-00007ff6c7654fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7655000-00007ff6c7655fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7656000-00007ff6c765afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c765b000-00007ff6c765bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c765c000-00007ff6c765cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c765d000-00007ff6c7660fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000 9974.94c0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a33d000-00007ffa9a342fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a350000-00007ffa9a350fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a351000-00007ffa9a353fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a3bc000-00007ffa9a3a7fff 0x0001/0x0000 0x0000000 9974.94c0: *00007ffa9a3d0000-00007ffa9a3cefff 0x0040/0x0040 0x0020000 !! 9974.94c0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffa9a3d0000 (LB 0x1000, 00007ffa9a3d0000 LB 0x1000) 9974.94c0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffa9a3d0000/00007ffa9a3d0000 LB 0/0x1000] 9974.94c0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffa9a3d0000 LB 0x565c10000 s=0x10000 ap=0x0 rp=0x00000000000001 9974.94c0: 00007ffa9a3d1000-00007ff5347c1fff 0x0001/0x0000 0x0000000 9974.94c0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 9974.94c0: VBoxHeadless.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS) 9974.94c0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 9974.94c0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 9974.94c0: ntdll.dll: Differences in section #1 (.text) between file and memory: 9974.94c0: 00007ffa9a2a27e0 / 0x00927e0: 4c != e9 9974.94c0: 00007ffa9a2a27e1 / 0x00927e1: 8b != 1b 9974.94c0: 00007ffa9a2a27e2 / 0x00927e2: d1 != d8 9974.94c0: 00007ffa9a2a27e3 / 0x00927e3: b8 != 12 9974.94c0: 00007ffa9a2a27e4 / 0x00927e4: 9b != 00 9974.94c0: Restored 0x2000 bytes of original file content at 00007ffa9a2a0bfe 9974.94c0: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x880 9974.94c0: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 59 sleeps 9974.94c0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 9974.94c0: *0000000000000000-ffffffffff84ffff 0x0001/0x0000 0x0000000 9974.94c0: *00000000007b0000-000000000078ffff 0x0004/0x0004 0x0020000 9974.94c0: *00000000007d0000-00000000007c0fff 0x0002/0x0002 0x0040000 9974.94c0: 00000000007df000-00000000007ddfff 0x0001/0x0000 0x0000000 9974.94c0: *00000000007e0000-00000000006e3fff 0x0000/0x0004 0x0020000 9974.94c0: 00000000008dc000-00000000008d8fff 0x0104/0x0004 0x0020000 9974.94c0: 00000000008df000-00000000008ddfff 0x0004/0x0004 0x0020000 9974.94c0: *00000000008e0000-00000000008dbfff 0x0002/0x0002 0x0040000 9974.94c0: 00000000008e4000-00000000008d7fff 0x0001/0x0000 0x0000000 9974.94c0: *00000000008f0000-00000000008edfff 0x0004/0x0004 0x0020000 9974.94c0: 00000000008f2000-ffffffff81203fff 0x0001/0x0000 0x0000000 9974.94c0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 9974.94c0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 9974.94c0: 000000007fff0000-ffff800a398cffff 0x0001/0x0000 0x0000000 9974.94c0: *00007ff6c6710000-00007ff6c66ecfff 0x0002/0x0002 0x0040000 9974.94c0: 00007ff6c6733000-00007ff6c6729fff 0x0001/0x0000 0x0000000 9974.94c0: *00007ff6c673c000-00007ff6c6739fff 0x0004/0x0004 0x0020000 9974.94c0: *00007ff6c673e000-00007ff6c673cfff 0x0004/0x0004 0x0020000 9974.94c0: 00007ff6c673f000-00007ff6c58fdfff 0x0001/0x0000 0x0000000 9974.94c0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7608000-00007ff6c7608fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7654000-00007ff6c7660fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9974.94c0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000 9974.94c0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a33d000-00007ffa9a342fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a350000-00007ffa9a353fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9974.94c0: 00007ffa9a3bc000-00007ff534797fff 0x0001/0x0000 0x0000000 9974.94c0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 9974.94c0: supR3HardNtChildPurify: Done after 1217 ms and 2 fixes (loop #1). 9974.94c0: supR3HardNtEnableThreadCreation: 9b9c.9ba0: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000008 g_uNtVerCombined=0x63258000 9b9c.9ba0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9a210000 g_uNtVerCombined=0x63258000 9b9c.9ba0: ntdll.dll: timestamp 0x5650b9bb (rc=VINF_SUCCESS) 9b9c.9ba0: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1753088 allocation) 9b9c.9ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 9b9c.9ba0: System32: \Device\HarddiskVolume2\Windows\System32 9b9c.9ba0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 9b9c.9ba0: KnownDllPath: C:\WINDOWS\system32 9b9c.9ba0: supR3HardenedVmProcessInit: Opening vboxdrv stub... 9b9c.9ba0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 9b9c.9ba0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 9b9c.9ba0: Registered Dll notification callback with NTDLL. 9b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 9b9c.9ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 9b9c.9ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 9b9c.9ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 9b9c.9ba0: supR3HardenedDllNotificationCallback: load 00007ffa97480000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 9b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 9b9c.9ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 9b9c.9ba0: supR3HardenedDllNotificationCallback: load 00007ffa99910000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 9b9c.9ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 9b9c.9ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa99910000 'C:\WINDOWS\system32\KERNEL32.DLL' 9b9c.9ba0: supR3HardenedDllNotificationCallback: load 00007ff6c7580000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] 9b9c.9ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 9b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 9b9c.9ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9a228bf0 pvNtTerminateThread=00007ffa9a2a1350 9974.94c0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 66 ms. 9b9c.9ba0: \SystemRoot\System32\ntdll.dll: 9b9c.9ba0: CreationTime: 2015-12-13T13:29:03.797225700Z 9b9c.9ba0: LastWriteTime: 2015-12-13T13:29:03.816235700Z 9b9c.9ba0: ChangeTime: 2015-12-13T14:16:49.586389800Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x1a7958 9b9c.9ba0: NT Headers: 0xd8 9b9c.9ba0: Timestamp: 0x5650b9bb 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x5650b9bb 9b9c.9ba0: Image Version: 6.3 9b9c.9ba0: SizeOfImage: 0x1ac000 (1753088) 9b9c.9ba0: Resource Dir: 0x148000 LB 0x62450 9b9c.9ba0: ProductName: Microsoft® Windows® Operating System 9b9c.9ba0: ProductVersion: 6.3.9600.18146 9b9c.9ba0: FileVersion: 6.3.9600.18146 (winblue_ltsb.151121-0600) 9b9c.9ba0: FileDescription: NT Layer DLL 9b9c.9ba0: \SystemRoot\System32\kernel32.dll: 9b9c.9ba0: CreationTime: 2015-03-14T20:24:53.660703000Z 9b9c.9ba0: LastWriteTime: 2015-03-14T20:24:53.675711600Z 9b9c.9ba0: ChangeTime: 2015-12-13T14:17:30.550710900Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x13fc30 9b9c.9ba0: NT Headers: 0xf8 9b9c.9ba0: Timestamp: 0x545054ca 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x545054ca 9b9c.9ba0: Image Version: 6.3 9b9c.9ba0: SizeOfImage: 0x13e000 (1302528) 9b9c.9ba0: Resource Dir: 0x12e000 LB 0x518 9b9c.9ba0: ProductName: Microsoft® Windows® Operating System 9b9c.9ba0: ProductVersion: 6.3.9600.17415 9b9c.9ba0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 9b9c.9ba0: FileDescription: Windows NT BASE API Client DLL 9b9c.9ba0: \SystemRoot\System32\KernelBase.dll: 9b9c.9ba0: CreationTime: 2015-03-14T20:25:09.010491400Z 9b9c.9ba0: LastWriteTime: 2015-03-14T20:25:09.027501400Z 9b9c.9ba0: ChangeTime: 2015-12-13T14:17:30.872262900Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x114a90 9b9c.9ba0: NT Headers: 0xf0 9b9c.9ba0: Timestamp: 0x54505737 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x54505737 9b9c.9ba0: Image Version: 6.3 9b9c.9ba0: SizeOfImage: 0x115000 (1134592) 9b9c.9ba0: Resource Dir: 0x110000 LB 0x3528 9b9c.9ba0: ProductName: Microsoft® Windows® Operating System 9b9c.9ba0: ProductVersion: 6.3.9600.17415 9b9c.9ba0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500) 9b9c.9ba0: FileDescription: Windows NT BASE API Client DLL 9b9c.9ba0: \SystemRoot\System32\apisetschema.dll: 9b9c.9ba0: CreationTime: 2013-08-22T12:13:09.745625900Z 9b9c.9ba0: LastWriteTime: 2013-08-22T12:35:12.091034400Z 9b9c.9ba0: ChangeTime: 2014-04-14T23:08:56.536511300Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x11360 9b9c.9ba0: NT Headers: 0xd0 9b9c.9ba0: Timestamp: 0x52160049 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x52160049 9b9c.9ba0: Image Version: 6.3 9b9c.9ba0: SizeOfImage: 0x13000 (77824) 9b9c.9ba0: Resource Dir: 0x11000 LB 0x3f8 9b9c.9ba0: ProductName: Microsoft® Windows® Operating System 9b9c.9ba0: ProductVersion: 6.3.9600.16384 9b9c.9ba0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 9b9c.9ba0: FileDescription: ApiSet Schema DLL 9b9c.9ba0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 9b9c.9ba0: supR3HardenedWinFindAdversaries: 0x880 9b9c.9ba0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 9b9c.9ba0: CreationTime: 2014-04-14T02:00:54.365714500Z 9b9c.9ba0: LastWriteTime: 2016-03-11T11:35:07.512306600Z 9b9c.9ba0: ChangeTime: 2016-03-11T11:35:07.512306600Z 9b9c.9ba0: FileAttributes: 0x2020 9b9c.9ba0: Size: 0x2eed8 9b9c.9ba0: NT Headers: 0xe0 9b9c.9ba0: Timestamp: 0x55b855d9 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55b855d9 9b9c.9ba0: Image Version: 6.1 9b9c.9ba0: SizeOfImage: 0x33000 (208896) 9b9c.9ba0: Resource Dir: 0x31000 LB 0x3b8 9b9c.9ba0: ProductName: Malwarebytes Anti-Malware 9b9c.9ba0: ProductVersion: 0.3.0.0 9b9c.9ba0: FileVersion: 0.3.0.0 9b9c.9ba0: FileDescription: Malwarebytes Anti-Malware 9b9c.9ba0: \SystemRoot\System32\drivers\mwac.sys: 9b9c.9ba0: CreationTime: 2014-04-14T01:59:19.936766400Z 9b9c.9ba0: LastWriteTime: 2015-10-13T21:47:21.646896700Z 9b9c.9ba0: ChangeTime: 2015-10-13T21:47:21.646896700Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0xfad8 9b9c.9ba0: NT Headers: 0xe0 9b9c.9ba0: Timestamp: 0x53a0f444 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x53a0f444 9b9c.9ba0: Image Version: 6.2 9b9c.9ba0: SizeOfImage: 0x13000 (77824) 9b9c.9ba0: Resource Dir: 0x11000 LB 0x3e0 9b9c.9ba0: ProductName: Malwarebytes Web Access Control 9b9c.9ba0: ProductVersion: 1.0.6.0 9b9c.9ba0: FileVersion: 1.0.6.0 9b9c.9ba0: FileDescription: Malwarebytes Web Access Control 9b9c.9ba0: \SystemRoot\System32\drivers\mbamchameleon.sys: 9b9c.9ba0: CreationTime: 2014-04-14T01:59:19.936766400Z 9b9c.9ba0: LastWriteTime: 2015-10-13T21:47:21.751957800Z 9b9c.9ba0: ChangeTime: 2015-10-13T21:47:21.751957800Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x1aad8 9b9c.9ba0: NT Headers: 0xd8 9b9c.9ba0: Timestamp: 0x55c103c3 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55c103c3 9b9c.9ba0: Image Version: 6.1 9b9c.9ba0: SizeOfImage: 0x1e000 (122880) 9b9c.9ba0: Resource Dir: 0x1c000 LB 0xba8 9b9c.9ba0: ProductName: Malwarebytes Chameleon 9b9c.9ba0: ProductVersion: 1.1.21.0 9b9c.9ba0: FileVersion: 1.1.21.0 9b9c.9ba0: FileDescription: Malwarebytes Chameleon Protection Driver 9b9c.9ba0: \SystemRoot\System32\drivers\mbam.sys: 9b9c.9ba0: CreationTime: 2014-04-14T01:59:19.921141100Z 9b9c.9ba0: LastWriteTime: 2015-10-13T21:47:21.624886700Z 9b9c.9ba0: ChangeTime: 2015-10-13T21:47:21.624886700Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x64d8 9b9c.9ba0: NT Headers: 0xd8 9b9c.9ba0: Timestamp: 0x55ca3257 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55ca3257 9b9c.9ba0: Image Version: 6.1 9b9c.9ba0: SizeOfImage: 0xa000 (40960) 9b9c.9ba0: Resource Dir: 0x8000 LB 0x3a0 9b9c.9ba0: ProductName: Malwarebytes Anti-Malware 9b9c.9ba0: ProductVersion: 0.1.16.0 9b9c.9ba0: FileVersion: 0.1.16.0 9b9c.9ba0: FileDescription: Malwarebytes Anti-Malware 9b9c.9ba0: \SystemRoot\System32\drivers\cmdguard.sys: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:54.000000000Z 9b9c.9ba0: LastWriteTime: 2015-11-18T17:14:52.838600000Z 9b9c.9ba0: ChangeTime: 2015-11-20T18:52:47.879818700Z 9b9c.9ba0: FileAttributes: 0x2020 9b9c.9ba0: Size: 0xca2f0 9b9c.9ba0: NT Headers: 0xe0 9b9c.9ba0: Timestamp: 0x564cabab 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x564cabab 9b9c.9ba0: Image Version: 6.2 9b9c.9ba0: SizeOfImage: 0xd6000 (876544) 9b9c.9ba0: Resource Dir: 0xd3000 LB 0x3c8 9b9c.9ba0: ProductName: COMODO Internet Security Sandbox Driver 9b9c.9ba0: ProductVersion: 8, 2, 0, 4789 9b9c.9ba0: FileVersion: 8, 2, 0, 4789 9b9c.9ba0: FileDescription: COMODO Internet Security Sandbox Driver 9b9c.9ba0: \SystemRoot\System32\drivers\cmderd.sys: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:54.000000000Z 9b9c.9ba0: LastWriteTime: 2015-11-18T17:14:49.827800000Z 9b9c.9ba0: ChangeTime: 2015-11-20T18:52:48.468156100Z 9b9c.9ba0: FileAttributes: 0x2020 9b9c.9ba0: Size: 0x54d8 9b9c.9ba0: NT Headers: 0xd0 9b9c.9ba0: Timestamp: 0x564cab95 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x564cab95 9b9c.9ba0: Image Version: 6.2 9b9c.9ba0: SizeOfImage: 0xa000 (40960) 9b9c.9ba0: Resource Dir: 0x8000 LB 0x3d0 9b9c.9ba0: ProductName: COMODO Internet Security Eradication Driver 9b9c.9ba0: ProductVersion: 8, 2, 0, 4789 9b9c.9ba0: FileVersion: 8, 2, 0, 4789 9b9c.9ba0: FileDescription: COMODO Internet Security Eradication Driver 9b9c.9ba0: \SystemRoot\System32\drivers\inspect.sys: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:56.000000000Z 9b9c.9ba0: LastWriteTime: 2015-08-05T00:31:51.095200000Z 9b9c.9ba0: ChangeTime: 2015-08-07T11:55:20.860859700Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x1f100 9b9c.9ba0: NT Headers: 0xd8 9b9c.9ba0: Timestamp: 0x55c148ef 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55c148ef 9b9c.9ba0: Image Version: 6.2 9b9c.9ba0: SizeOfImage: 0x22000 (139264) 9b9c.9ba0: Resource Dir: 0x20000 LB 0x3c8 9b9c.9ba0: ProductName: COMODO Internet Security Firewall Driver 9b9c.9ba0: ProductVersion: 8, 2, 0, 4674 9b9c.9ba0: FileVersion: 8, 2, 0, 4674 9b9c.9ba0: FileDescription: COMODO Internet Security Firewall Driver 9b9c.9ba0: \SystemRoot\System32\drivers\cmdhlp.sys: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:56.000000000Z 9b9c.9ba0: LastWriteTime: 2015-08-05T00:31:48.115600000Z 9b9c.9ba0: ChangeTime: 2015-08-07T11:55:19.985357700Z 9b9c.9ba0: FileAttributes: 0x2020 9b9c.9ba0: Size: 0x88f0 9b9c.9ba0: NT Headers: 0xd8 9b9c.9ba0: Timestamp: 0x55c148f4 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55c148f4 9b9c.9ba0: Image Version: 6.2 9b9c.9ba0: SizeOfImage: 0xc000 (49152) 9b9c.9ba0: Resource Dir: 0xa000 LB 0x3c0 9b9c.9ba0: ProductName: COMODO Internet Security Helper Driver 9b9c.9ba0: ProductVersion: 8, 2, 0, 4674 9b9c.9ba0: FileVersion: 8, 2, 0, 4674 9b9c.9ba0: FileDescription: COMODO Internet Security Helper Driver 9b9c.9ba0: \SystemRoot\System32\guard64.dll: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:36.000000000Z 9b9c.9ba0: LastWriteTime: 2015-09-03T11:52:00.103200000Z 9b9c.9ba0: ChangeTime: 2015-09-07T17:46:58.439561400Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0x8d750 9b9c.9ba0: NT Headers: 0x118 9b9c.9ba0: Timestamp: 0x55e818af 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55e818af 9b9c.9ba0: Image Version: 0.0 9b9c.9ba0: SizeOfImage: 0x96000 (614400) 9b9c.9ba0: Resource Dir: 0x93000 LB 0xd80 9b9c.9ba0: ProductName: COMODO Internet Security 9b9c.9ba0: ProductVersion: 8, 2, 0, 4703 9b9c.9ba0: FileVersion: 8, 2, 0, 4703 9b9c.9ba0: FileDescription: COMODO Internet Security 9b9c.9ba0: \SystemRoot\System32\cmdvrt64.dll: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:30.000000000Z 9b9c.9ba0: LastWriteTime: 2015-08-05T00:28:50.806000000Z 9b9c.9ba0: ChangeTime: 2015-08-07T11:55:24.608002500Z 9b9c.9ba0: FileAttributes: 0x2020 9b9c.9ba0: Size: 0x576c0 9b9c.9ba0: NT Headers: 0x100 9b9c.9ba0: Timestamp: 0x55c1491b 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55c1491b 9b9c.9ba0: Image Version: 0.0 9b9c.9ba0: SizeOfImage: 0x5d000 (380928) 9b9c.9ba0: Resource Dir: 0x5b000 LB 0x5ac 9b9c.9ba0: ProductName: COMODO Internet Security 9b9c.9ba0: ProductVersion: 8, 2, 0, 4674 9b9c.9ba0: FileVersion: 8, 2, 0, 4674 9b9c.9ba0: FileDescription: COMODO Internet Security 9b9c.9ba0: \SystemRoot\System32\cmdkbd64.dll: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:30.000000000Z 9b9c.9ba0: LastWriteTime: 2015-08-05T00:28:20.760400000Z 9b9c.9ba0: ChangeTime: 2015-08-07T11:55:25.549541300Z 9b9c.9ba0: FileAttributes: 0x2020 9b9c.9ba0: Size: 0xb2c0 9b9c.9ba0: NT Headers: 0xe8 9b9c.9ba0: Timestamp: 0x55c14914 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55c14914 9b9c.9ba0: Image Version: 0.0 9b9c.9ba0: SizeOfImage: 0xf000 (61440) 9b9c.9ba0: Resource Dir: 0xd000 LB 0x5ac 9b9c.9ba0: ProductName: COMODO Internet Security 9b9c.9ba0: ProductVersion: 8, 2, 0, 4674 9b9c.9ba0: FileVersion: 8, 2, 0, 4674 9b9c.9ba0: FileDescription: COMODO Internet Security 9b9c.9ba0: \SystemRoot\System32\cmdcsr.dll: 9b9c.9ba0: CreationTime: 2014-03-26T03:22:38.000000000Z 9b9c.9ba0: LastWriteTime: 2015-08-05T00:29:56.903200000Z 9b9c.9ba0: ChangeTime: 2015-08-07T11:55:25.881731700Z 9b9c.9ba0: FileAttributes: 0x20 9b9c.9ba0: Size: 0xa108 9b9c.9ba0: NT Headers: 0xd8 9b9c.9ba0: Timestamp: 0x55c14910 9b9c.9ba0: Machine: 0x8664 - amd64 9b9c.9ba0: Timestamp: 0x55c14910 9b9c.9ba0: Image Version: 0.0 9b9c.9ba0: SizeOfImage: 0xc000 (49152) 9b9c.9ba0: Resource Dir: 0xa000 LB 0x4a8 9b9c.9ba0: ProductName: COMODO Internet Security 9b9c.9ba0: ProductVersion: 8, 2, 0, 4674 9b9c.9ba0: FileVersion: 8, 2, 0, 4674 9b9c.9ba0: FileDescription: COMODO Internet Security 9b9c.9ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 9b9c.9ba0: Calling main() 9b9c.9ba0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 9b9c.9ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 9b9c.9ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 9b9c.9ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 9b9c.9ba0: SUPR3HardenedMain: Respawn #2 9b9c.9ba0: supR3HardNtEnableThreadCreation: 9b9c.9ba0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9a228bf0 pvNtTerminateThread=00007ffa9a2a1350 9b9c.9ba0: supR3HardenedWinDoReSpawn(2): New child 98bc.987c [kernel32]. 9b9c.9ba0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 9b9c.9ba0: supR3HardNtChildGatherData: PebBaseAddress=00007ff6c720f000 cbPeb=0x388 9b9c.9ba0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9a210000 uNtDllChildAddr=00007ffa9a210000 9b9c.9ba0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9a228bf0 9b9c.9ba0: supR3HardenedWinSetupChildInit: Start child. 9b9c.9ba0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 9b9c.9ba0: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps 9b9c.9ba0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 9b9c.9ba0: *0000000000000000-ffffffffff2cffff 0x0001/0x0000 0x0000000 9b9c.9ba0: *0000000000d30000-0000000000d0ffff 0x0004/0x0004 0x0020000 9b9c.9ba0: *0000000000d50000-0000000000d40fff 0x0002/0x0002 0x0040000 9b9c.9ba0: 0000000000d5f000-0000000000d5dfff 0x0001/0x0000 0x0000000 9b9c.9ba0: *0000000000d60000-0000000000c63fff 0x0000/0x0004 0x0020000 9b9c.9ba0: 0000000000e5c000-0000000000e58fff 0x0104/0x0004 0x0020000 9b9c.9ba0: 0000000000e5f000-0000000000e5dfff 0x0004/0x0004 0x0020000 9b9c.9ba0: *0000000000e60000-0000000000e5bfff 0x0002/0x0002 0x0040000 9b9c.9ba0: 0000000000e64000-0000000000e57fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *0000000000e70000-0000000000e6dfff 0x0004/0x0004 0x0020000 9b9c.9ba0: 0000000000e72000-0000000000e63fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *0000000000e80000-0000000000e6efff 0x0040/0x0040 0x0020000 !! 9b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000e80000 (LB 0x11000, 0000000000e80000 LB 0x11000) 9b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000e80000/0000000000e80000 LB 0/0x11000] 9b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000e80000 LB 0x7f160000 s=0x10000 ap=0x0 rp=0x00000000000001 9b9c.9ba0: 0000000000e91000-ffffffff81d41fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 9b9c.9ba0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 9b9c.9ba0: 000000007fff0000-ffff800a38dfffff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ff6c71e0000-00007ff6c71bcfff 0x0002/0x0002 0x0040000 9b9c.9ba0: 00007ff6c7203000-00007ff6c71f8fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ff6c720d000-00007ff6c720afff 0x0004/0x0004 0x0020000 9b9c.9ba0: *00007ff6c720f000-00007ff6c720dfff 0x0004/0x0004 0x0020000 9b9c.9ba0: 00007ff6c7210000-00007ff6c6e9ffff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7608000-00007ff6c7608fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7654000-00007ff6c7654fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7655000-00007ff6c7655fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7656000-00007ff6c765afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c765b000-00007ff6c765bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c765c000-00007ff6c765cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c765d000-00007ff6c7660fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a33d000-00007ffa9a342fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a350000-00007ffa9a350fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a351000-00007ffa9a353fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a3bc000-00007ffa9a3a7fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ffa9a3d0000-00007ffa9a3cefff 0x0040/0x0040 0x0020000 !! 9b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffa9a3d0000 (LB 0x1000, 00007ffa9a3d0000 LB 0x1000) 9b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffa9a3d0000/00007ffa9a3d0000 LB 0/0x1000] 9b9c.9ba0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffa9a3d0000 LB 0x565c10000 s=0x10000 ap=0x0 rp=0x00000000000001 9b9c.9ba0: 00007ffa9a3d1000-00007ff5347c1fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 9b9c.9ba0: VBoxHeadless.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS) 9b9c.9ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 9b9c.9ba0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 9b9c.9ba0: ntdll.dll: Differences in section #1 (.text) between file and memory: 9b9c.9ba0: 00007ffa9a2a27e0 / 0x00927e0: 4c != e9 9b9c.9ba0: 00007ffa9a2a27e1 / 0x00927e1: 8b != 1b 9b9c.9ba0: 00007ffa9a2a27e2 / 0x00927e2: d1 != d8 9b9c.9ba0: 00007ffa9a2a27e3 / 0x00927e3: b8 != 12 9b9c.9ba0: 00007ffa9a2a27e4 / 0x00927e4: 9b != 00 9b9c.9ba0: Restored 0x2000 bytes of original file content at 00007ffa9a2a0bfe 9b9c.9ba0: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x880 9b9c.9ba0: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 59 sleeps 9b9c.9ba0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 9b9c.9ba0: *0000000000000000-ffffffffff2cffff 0x0001/0x0000 0x0000000 9b9c.9ba0: *0000000000d30000-0000000000d0ffff 0x0004/0x0004 0x0020000 9b9c.9ba0: *0000000000d50000-0000000000d40fff 0x0002/0x0002 0x0040000 9b9c.9ba0: 0000000000d5f000-0000000000d5dfff 0x0001/0x0000 0x0000000 9b9c.9ba0: *0000000000d60000-0000000000c63fff 0x0000/0x0004 0x0020000 9b9c.9ba0: 0000000000e5c000-0000000000e58fff 0x0104/0x0004 0x0020000 9b9c.9ba0: 0000000000e5f000-0000000000e5dfff 0x0004/0x0004 0x0020000 9b9c.9ba0: *0000000000e60000-0000000000e5bfff 0x0002/0x0002 0x0040000 9b9c.9ba0: 0000000000e64000-0000000000e57fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *0000000000e70000-0000000000e6dfff 0x0004/0x0004 0x0020000 9b9c.9ba0: 0000000000e72000-ffffffff81d03fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 9b9c.9ba0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 9b9c.9ba0: 000000007fff0000-ffff800a38dfffff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ff6c71e0000-00007ff6c71bcfff 0x0002/0x0002 0x0040000 9b9c.9ba0: 00007ff6c7203000-00007ff6c71f8fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ff6c720d000-00007ff6c720afff 0x0004/0x0004 0x0020000 9b9c.9ba0: *00007ff6c720f000-00007ff6c720dfff 0x0004/0x0004 0x0020000 9b9c.9ba0: 00007ff6c7210000-00007ff6c6e9ffff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ff6c7580000-00007ff6c7580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7581000-00007ff6c7607fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7608000-00007ff6c7608fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7609000-00007ff6c7653fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7654000-00007ff6c7660fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c7661000-00007ff6c76abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: 00007ff6c76ac000-00007ff2f4b47fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ffa9a210000-00007ffa9a210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a211000-00007ffa9a33cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a33d000-00007ffa9a342fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a343000-00007ffa9a34ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a350000-00007ffa9a353fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a354000-00007ffa9a354fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a355000-00007ffa9a3bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 9b9c.9ba0: 00007ffa9a3bc000-00007ff534797fff 0x0001/0x0000 0x0000000 9b9c.9ba0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 9b9c.9ba0: supR3HardNtChildPurify: Done after 1366 ms and 3 fixes (loop #1). 9b9c.9ba0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000) 9b9c.9ba0: supR3HardNtEnableThreadCreation: 98bc.987c: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000008 g_uNtVerCombined=0x63258000 98bc.987c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9a210000 g_uNtVerCombined=0x63258000 98bc.987c: ntdll.dll: timestamp 0x5650b9bb (rc=VINF_SUCCESS) 98bc.987c: New simple heap: #1 0000000000f80000 LB 0x400000 (for 1753088 allocation) 98bc.987c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 98bc.987c: System32: \Device\HarddiskVolume2\Windows\System32 98bc.987c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 98bc.987c: KnownDllPath: C:\WINDOWS\system32 98bc.987c: supR3HardenedVmProcessInit: Opening vboxdrv... 98bc.987c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 98bc.987c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 98bc.987c: Registered Dll notification callback with NTDLL. 98bc.987c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 98bc.987c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 98bc.987c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 98bc.987c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 98bc.987c: supR3HardenedDllNotificationCallback: load 00007ffa97480000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 98bc.987c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 98bc.987c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 98bc.987c: supR3HardenedDllNotificationCallback: load 00007ffa99910000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 98bc.987c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 98bc.987c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa99910000 'C:\WINDOWS\system32\KERNEL32.DLL' 98bc.987c: supR3HardenedDllNotificationCallback: load 00007ff6c7580000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] 98bc.987c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 98bc.987c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 98bc.987c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 9b9c.9ba0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 86 ms, CloseEvents); 9974.94c0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1623 ms, the end);