3700.22cc: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000060 g_uNtVerCombined=0xa03a6b00 3700.22cc: \SystemRoot\System32\ntdll.dll: 3700.22cc: CreationTime: 2016-10-21T07:57:39.324857200Z 3700.22cc: LastWriteTime: 2016-10-21T07:57:39.324857200Z 3700.22cc: ChangeTime: 2016-10-27T01:52:35.097173800Z 3700.22cc: FileAttributes: 0x20 3700.22cc: Size: 0x1cce58 3700.22cc: NT Headers: 0xe0 3700.22cc: Timestamp: 0x58098590 3700.22cc: Machine: 0x8664 - amd64 3700.22cc: Timestamp: 0x58098590 3700.22cc: Image Version: 10.0 3700.22cc: SizeOfImage: 0x1d1000 (1904640) 3700.22cc: Resource Dir: 0x168000 LB 0x67da8 3700.22cc: ProductName: Microsoft® Windows® Operating System 3700.22cc: ProductVersion: 10.0.14955.1000 3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700) 3700.22cc: FileDescription: NT Layer DLL 3700.22cc: \SystemRoot\System32\kernel32.dll: 3700.22cc: CreationTime: 2016-10-21T07:57:05.509692700Z 3700.22cc: LastWriteTime: 2016-10-21T07:57:05.509692700Z 3700.22cc: ChangeTime: 2016-10-27T01:52:34.425298000Z 3700.22cc: FileAttributes: 0x20 3700.22cc: Size: 0xa9d90 3700.22cc: NT Headers: 0xf0 3700.22cc: Timestamp: 0x580989a0 3700.22cc: Machine: 0x8664 - amd64 3700.22cc: Timestamp: 0x580989a0 3700.22cc: Image Version: 10.0 3700.22cc: SizeOfImage: 0xac000 (704512) 3700.22cc: Resource Dir: 0xaa000 LB 0x528 3700.22cc: ProductName: Microsoft® Windows® Operating System 3700.22cc: ProductVersion: 10.0.14955.1000 3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700) 3700.22cc: FileDescription: Windows NT BASE API Client DLL 3700.22cc: \SystemRoot\System32\KernelBase.dll: 3700.22cc: CreationTime: 2016-10-21T07:57:38.809191200Z 3700.22cc: LastWriteTime: 2016-10-21T07:57:38.809191200Z 3700.22cc: ChangeTime: 2016-10-27T01:52:34.440923000Z 3700.22cc: FileAttributes: 0x20 3700.22cc: Size: 0x230200 3700.22cc: NT Headers: 0x100 3700.22cc: Timestamp: 0x580985bd 3700.22cc: Machine: 0x8664 - amd64 3700.22cc: Timestamp: 0x580985bd 3700.22cc: Image Version: 10.0 3700.22cc: SizeOfImage: 0x231000 (2297856) 3700.22cc: Resource Dir: 0x213000 LB 0x550 3700.22cc: ProductName: Microsoft® Windows® Operating System 3700.22cc: ProductVersion: 10.0.14955.1000 3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700) 3700.22cc: FileDescription: Windows NT BASE API Client DLL 3700.22cc: \SystemRoot\System32\apisetschema.dll: 3700.22cc: CreationTime: 2016-10-21T07:57:38.496665800Z 3700.22cc: LastWriteTime: 2016-10-21T07:57:38.496665800Z 3700.22cc: ChangeTime: 2016-10-27T01:52:33.237795400Z 3700.22cc: FileAttributes: 0x20 3700.22cc: Size: 0x19310 3700.22cc: NT Headers: 0xc8 3700.22cc: Timestamp: 0x58098c18 3700.22cc: Machine: 0x8664 - amd64 3700.22cc: Timestamp: 0x58098c18 3700.22cc: Image Version: 10.0 3700.22cc: SizeOfImage: 0x1b000 (110592) 3700.22cc: Resource Dir: 0x1a000 LB 0x418 3700.22cc: ProductName: Microsoft® Windows® Operating System 3700.22cc: ProductVersion: 10.0.14955.1000 3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700) 3700.22cc: FileDescription: ApiSet Schema DLL 3700.22cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 3700.22cc: supR3HardenedWinFindAdversaries: 0x0 3700.22cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3700.22cc: Calling main() 3700.22cc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 3700.22cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3700.22cc: SUPR3HardenedMain: Respawn #1 3700.22cc: System32: \Device\HarddiskVolume2\Windows\System32 3700.22cc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 3700.22cc: KnownDllPath: C:\WINDOWS\System32 3700.22cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 3700.22cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 3700.22cc: supR3HardNtEnableThreadCreation: 3700.22cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9eb6ae70 pvNtTerminateThread=00007ffa9eb930b0 3700.22cc: supR3HardenedWinDoReSpawn(1): New child 38b8.3810 [kernel32]. 3700.22cc: supR3HardNtChildGatherData: PebBaseAddress=00000000011cf000 cbPeb=0x388 3700.22cc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9eaf0000 uNtDllChildAddr=00007ffa9eaf0000 3700.22cc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9eb6ae70 3700.22cc: supR3HardenedWinSetupChildInit: Start child. 3700.22cc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 3700.22cc: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 30 sleeps 3700.22cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 3700.22cc: *0000000000000000-ffffffffff13ffff 0x0001/0x0000 0x0000000 3700.22cc: *0000000000ec0000-0000000000e9ffff 0x0004/0x0004 0x0020000 3700.22cc: *0000000000ee0000-0000000000ec7fff 0x0002/0x0002 0x0040000 3700.22cc: 0000000000ef8000-0000000000eeffff 0x0001/0x0000 0x0000000 3700.22cc: *0000000000f00000-0000000000e04fff 0x0000/0x0004 0x0020000 3700.22cc: 0000000000ffb000-0000000000ff7fff 0x0104/0x0004 0x0020000 3700.22cc: 0000000000ffe000-0000000000ffbfff 0x0004/0x0004 0x0020000 3700.22cc: *0000000001000000-0000000000e30fff 0x0000/0x0004 0x0020000 3700.22cc: 00000000011cf000-00000000011cbfff 0x0004/0x0004 0x0020000 3700.22cc: 00000000011d2000-00000000011a3fff 0x0000/0x0004 0x0020000 3700.22cc: *0000000001200000-00000000011fbfff 0x0002/0x0002 0x0040000 3700.22cc: 0000000001204000-00000000011f7fff 0x0001/0x0000 0x0000000 3700.22cc: *0000000001210000-000000000120dfff 0x0004/0x0004 0x0020000 3700.22cc: 0000000001212000-ffffffff82443fff 0x0001/0x0000 0x0000000 3700.22cc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 3700.22cc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 3700.22cc: 000000007fff0000-ffff8009cc1fffff 0x0001/0x0000 0x0000000 3700.22cc: *00007ff733de0000-00007ff733dbcfff 0x0002/0x0002 0x0040000 3700.22cc: 00007ff733e03000-00007ff733415fff 0x0001/0x0000 0x0000000 3700.22cc: *00007ff7347f0000-00007ff7347f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7347f1000-00007ff73485ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff734860000-00007ff734860fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff734861000-00007ff7348a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348a6000-00007ff7348a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348a7000-00007ff7348a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348a8000-00007ff7348acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348ad000-00007ff7348adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348ae000-00007ff7348aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348af000-00007ff7348b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348b3000-00007ff7348fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 3700.22cc: 00007ff7348fb000-00007ff3ca705fff 0x0001/0x0000 0x0000000 3700.22cc: *00007ffa9eaf0000-00007ffa9eaf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9eaf1000-00007ffa9ebf8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9ebf9000-00007ffa9ec3cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9ec3d000-00007ffa9ec44fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9ec45000-00007ffa9ec52fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9ec53000-00007ffa9ec53fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9ec54000-00007ffa9ec56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9ec57000-00007ffa9ecc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 3700.22cc: 00007ffa9ecc1000-00007ff53d9a1fff 0x0001/0x0000 0x0000000 3700.22cc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 3700.22cc: VirtualBox.exe: timestamp 0x58062715 (rc=VINF_SUCCESS) 3700.22cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 3700.22cc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 3700.22cc: supR3HardNtChildPurify: Done after 291 ms and 0 fixes (loop #0). 38b8.3810: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03a6b00 38b8.3810: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9eaf0000 g_uNtVerCombined=0xa03a6b00 38b8.3810: ntdll.dll: timestamp 0x58098590 (rc=VINF_SUCCESS) 38b8.3810: New simple heap: #1 0000000001320000 LB 0x400000 (for 1904640 allocation) 3700.22cc: supR3HardNtEnableThreadCreation: 38b8.3810: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 38b8.3810: System32: \Device\HarddiskVolume2\Windows\System32 38b8.3810: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 38b8.3810: KnownDllPath: C:\WINDOWS\System32 38b8.3810: supR3HardenedVmProcessInit: Opening vboxdrv stub... 38b8.3810: supR3HardenedWinReadErrorInfoDevice: 'Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll').' 38b8.3810: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3) 38b8.3810: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e) VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll'). 3700.22cc: supR3HardenedWinCheckChild: enmRequest=2 rc=-626 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e) VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll'). 3700.22cc: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3) 3700.22cc: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e) VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll').