6d0.1284: Log file opened: 5.1.8r111374 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa0383900
6d0.1284: \SystemRoot\System32\ntdll.dll:
6d0.1284: CreationTime: 2016-10-28T12:18:27.216442700Z
6d0.1284: LastWriteTime: 2016-10-15T04:47:16.150180800Z
6d0.1284: ChangeTime: 2016-10-30T20:41:52.883238100Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0x1cbe88
6d0.1284: NT Headers: 0xd8
6d0.1284: Timestamp: 0x5801a332
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x5801a332
6d0.1284: Image Version: 10.0
6d0.1284: SizeOfImage: 0x1d1000 (1904640)
6d0.1284: Resource Dir: 0x168000 LB 0x67998
6d0.1284: ProductName: Microsoft® Windows® Operating System
6d0.1284: ProductVersion: 10.0.14393.351
6d0.1284: FileVersion: 10.0.14393.351 (rs1_release_inmarket.161014-1755)
6d0.1284: FileDescription: NT Layer DLL
6d0.1284: \SystemRoot\System32\kernel32.dll:
6d0.1284: CreationTime: 2016-07-16T11:42:16.155721400Z
6d0.1284: LastWriteTime: 2016-07-16T11:42:16.155721400Z
6d0.1284: ChangeTime: 2016-09-25T09:10:42.227583500Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0xaade8
6d0.1284: NT Headers: 0xf0
6d0.1284: Timestamp: 0x57899a29
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x57899a29
6d0.1284: Image Version: 10.0
6d0.1284: SizeOfImage: 0xab000 (700416)
6d0.1284: Resource Dir: 0xa9000 LB 0x528
6d0.1284: ProductName: Microsoft® Windows® Operating System
6d0.1284: ProductVersion: 10.0.14393.0
6d0.1284: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
6d0.1284: FileDescription: Windows NT BASE API Client DLL
6d0.1284: \SystemRoot\System32\KernelBase.dll:
6d0.1284: CreationTime: 2016-10-17T13:56:28.676196000Z
6d0.1284: LastWriteTime: 2016-10-05T10:31:27.772259900Z
6d0.1284: ChangeTime: 2016-10-28T12:41:27.590180600Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0x21c580
6d0.1284: NT Headers: 0xf8
6d0.1284: Timestamp: 0x57f4c4f0
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x57f4c4f0
6d0.1284: Image Version: 10.0
6d0.1284: SizeOfImage: 0x21d000 (2215936)
6d0.1284: Resource Dir: 0x201000 LB 0x560
6d0.1284: ProductName: Microsoft® Windows® Operating System
6d0.1284: ProductVersion: 10.0.14393.321
6d0.1284: FileVersion: 10.0.14393.321 (rs1_release_inmarket.161004-2338)
6d0.1284: FileDescription: Windows NT BASE API Client DLL
6d0.1284: \SystemRoot\System32\apisetschema.dll:
6d0.1284: CreationTime: 2016-07-16T11:42:21.577586000Z
6d0.1284: LastWriteTime: 2016-07-16T11:42:21.577586000Z
6d0.1284: ChangeTime: 2016-09-25T09:10:40.680626400Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0x18960
6d0.1284: NT Headers: 0xc8
6d0.1284: Timestamp: 0x57899bd2
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x57899bd2
6d0.1284: Image Version: 10.0
6d0.1284: SizeOfImage: 0x19000 (102400)
6d0.1284: Resource Dir: 0x18000 LB 0x400
6d0.1284: ProductName: Microsoft® Windows® Operating System
6d0.1284: ProductVersion: 10.0.14393.0
6d0.1284: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
6d0.1284: FileDescription: ApiSet Schema DLL
6d0.1284: supR3HardenedWinFindAdversaries: 0x80
6d0.1284: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
6d0.1284: CreationTime: 2015-06-23T06:12:53.663022800Z
6d0.1284: LastWriteTime: 2016-11-04T10:28:25.937496200Z
6d0.1284: ChangeTime: 2016-11-04T10:28:25.937496200Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0x2eed8
6d0.1284: NT Headers: 0xe0
6d0.1284: Timestamp: 0x55b855d9
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x55b855d9
6d0.1284: Image Version: 6.1
6d0.1284: SizeOfImage: 0x33000 (208896)
6d0.1284: Resource Dir: 0x31000 LB 0x3b8
6d0.1284: ProductName: Malwarebytes Anti-Malware
6d0.1284: ProductVersion: 0.3.0.0
6d0.1284: FileVersion: 0.3.0.0
6d0.1284: FileDescription: Malwarebytes Anti-Malware
6d0.1284: \SystemRoot\System32\drivers\mwac.sys:
6d0.1284: CreationTime: 2015-06-23T06:12:30.456674800Z
6d0.1284: LastWriteTime: 2016-03-10T19:09:10.000000000Z
6d0.1284: ChangeTime: 2016-10-30T22:33:14.763852100Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0xff80
6d0.1284: NT Headers: 0xe0
6d0.1284: Timestamp: 0x53a0f444
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x53a0f444
6d0.1284: Image Version: 6.2
6d0.1284: SizeOfImage: 0x13000 (77824)
6d0.1284: Resource Dir: 0x11000 LB 0x3e0
6d0.1284: ProductName: Malwarebytes Web Access Control
6d0.1284: ProductVersion: 1.0.6.0
6d0.1284: FileVersion: 1.0.6.0
6d0.1284: FileDescription: Malwarebytes Web Access Control
6d0.1284: \SystemRoot\System32\drivers\mbamchameleon.sys:
6d0.1284: CreationTime: 2015-06-23T06:12:30.483676700Z
6d0.1284: LastWriteTime: 2016-03-10T19:08:58.000000000Z
6d0.1284: ChangeTime: 2016-10-30T22:33:12.935899500Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0x22580
6d0.1284: NT Headers: 0xe0
6d0.1284: Timestamp: 0x56a95753
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x56a95753
6d0.1284: Image Version: 6.1
6d0.1284: SizeOfImage: 0x26000 (155648)
6d0.1284: Resource Dir: 0x24000 LB 0xba8
6d0.1284: ProductName: Malwarebytes Chameleon
6d0.1284: ProductVersion: 1.1.22.0
6d0.1284: FileVersion: 1.1.22.0
6d0.1284: FileDescription: Malwarebytes Chameleon Protection Driver
6d0.1284: \SystemRoot\System32\drivers\mbam.sys:
6d0.1284: CreationTime: 2015-06-23T06:12:30.439676200Z
6d0.1284: LastWriteTime: 2016-03-10T19:08:54.000000000Z
6d0.1284: ChangeTime: 2016-10-30T22:33:12.935899500Z
6d0.1284: FileAttributes: 0x20
6d0.1284: Size: 0x6980
6d0.1284: NT Headers: 0xd8
6d0.1284: Timestamp: 0x55ca3257
6d0.1284: Machine: 0x8664 - amd64
6d0.1284: Timestamp: 0x55ca3257
6d0.1284: Image Version: 6.1
6d0.1284: SizeOfImage: 0xa000 (40960)
6d0.1284: Resource Dir: 0x8000 LB 0x3a0
6d0.1284: ProductName: Malwarebytes Anti-Malware
6d0.1284: ProductVersion: 0.1.16.0
6d0.1284: FileVersion: 0.1.16.0
6d0.1284: FileDescription: Malwarebytes Anti-Malware
6d0.1284: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
6d0.1284: Calling main()
6d0.1284: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6d0.1284: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
6d0.1284: SUPR3HardenedMain: Respawn #1
6d0.1284: System32: \Device\HarddiskVolume1\Windows\System32
6d0.1284: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
6d0.1284: KnownDllPath: C:\WINDOWS\System32
6d0.1284: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6d0.1284: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6d0.1284: supR3HardNtEnableThreadCreation:
6d0.1284: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd1f158d60 pvNtTerminateThread=00007ffd1f1858b0
6d0.1284: supR3HardenedWinDoReSpawn(1): New child 19b8.cac [kernel32].
6d0.1284: supR3HardNtChildGatherData: PebBaseAddress=00000000002e8000 cbPeb=0x388
6d0.1284: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd1f0e0000 uNtDllChildAddr=00007ffd1f0e0000
6d0.1284: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd1f158d60
6d0.1284: supR3HardenedWinSetupChildInit: Start child.
6d0.1284: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
6d0.1284: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 62 sleeps
6d0.1284: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6d0.1284: *0000000000000000-ffffffffffeaffff 0x0001/0x0000 0x0000000
6d0.1284: *0000000000150000-000000000012ffff 0x0004/0x0004 0x0020000
6d0.1284: *0000000000170000-0000000000159fff 0x0002/0x0002 0x0040000
6d0.1284: 0000000000186000-000000000017bfff 0x0001/0x0000 0x0000000
6d0.1284: *0000000000190000-000000000018bfff 0x0002/0x0002 0x0040000
6d0.1284: 0000000000194000-0000000000187fff 0x0001/0x0000 0x0000000
6d0.1284: *00000000001a0000-000000000019dfff 0x0004/0x0004 0x0020000
6d0.1284: 00000000001a2000-0000000000143fff 0x0001/0x0000 0x0000000
6d0.1284: *0000000000200000-0000000000117fff 0x0000/0x0004 0x0020000
6d0.1284: 00000000002e8000-00000000002e4fff 0x0004/0x0004 0x0020000
6d0.1284: 00000000002eb000-00000000001d5fff 0x0000/0x0004 0x0020000
6d0.1284: *0000000000400000-0000000000304fff 0x0000/0x0004 0x0020000
6d0.1284: 00000000004fb000-00000000004f7fff 0x0104/0x0004 0x0020000
6d0.1284: 00000000004fe000-00000000004fbfff 0x0004/0x0004 0x0020000
6d0.1284: 0000000000500000-ffffffff80a1ffff 0x0001/0x0000 0x0000000
6d0.1284: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
6d0.1284: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
6d0.1284: 000000007fff0000-ffff800ab451ffff 0x0001/0x0000 0x0000000
6d0.1284: *00007ff64bac0000-00007ff64ba9cfff 0x0002/0x0002 0x0040000
6d0.1284: 00007ff64bae3000-00007ff64b145fff 0x0001/0x0000 0x0000000
6d0.1284: *00007ff64c480000-00007ff64c480fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c481000-00007ff64c4effff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c4f0000-00007ff64c4f0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c4f1000-00007ff64c535fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c536000-00007ff64c536fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c537000-00007ff64c537fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c538000-00007ff64c53cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c53d000-00007ff64c53dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c53e000-00007ff64c53efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c53f000-00007ff64c542fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c543000-00007ff64c58afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6d0.1284: 00007ff64c58b000-00007fef79a35fff 0x0001/0x0000 0x0000000
6d0.1284: *00007ffd1f0e0000-00007ffd1f0e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f0e1000-00007ffd1f1e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f1e8000-00007ffd1f22bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f22c000-00007ffd1f234fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f235000-00007ffd1f242fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f243000-00007ffd1f243fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f244000-00007ffd1f246fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f247000-00007ffd1f2b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6d0.1284: 00007ffd1f2b1000-00007ffa3e581fff 0x0001/0x0000 0x0000000
6d0.1284: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
6d0.1284: VirtualBox.exe: timestamp 0x58062715 (rc=VINF_SUCCESS)
6d0.1284: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6d0.1284: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
6d0.1284: supR3HardNtChildPurify: Done after 601 ms and 0 fixes (loop #0).
19b8.cac: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
19b8.cac: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd1f0e0000 g_uNtVerCombined=0xa0383900
19b8.cac: ntdll.dll: timestamp 0x5801a332 (rc=VINF_SUCCESS)
19b8.cac: New simple heap: #1 0000000000600000 LB 0x400000 (for 1904640 allocation)
6d0.1284: supR3HardNtEnableThreadCreation:
19b8.cac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
19b8.cac: System32: \Device\HarddiskVolume1\Windows\System32
19b8.cac: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
19b8.cac: KnownDllPath: C:\WINDOWS\System32
19b8.cac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
19b8.cac: supR3HardenedWinReadErrorInfoDevice: 'RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume1\Windows\System32\ntdll.dll').'
19b8.cac: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3)
19b8.cac: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume1\Windows\System32\ntdll.dll').
6d0.1284: supR3HardenedWinCheckChild: enmRequest=2 rc=-626 enmWhat=3
supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume1\Windows\System32\ntdll.dll').
6d0.1284: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3)
6d0.1284: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume1\Windows\System32\ntdll.dll').