5b0.16f4: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
5b0.16f4: \SystemRoot\System32\ntdll.dll:
5b0.16f4: CreationTime: 2018-02-20T00:08:50.390961500Z
5b0.16f4: LastWriteTime: 2018-02-10T06:15:34.902092600Z
5b0.16f4: ChangeTime: 2018-02-20T11:51:35.492825500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x1dd100
5b0.16f4: NT Headers: 0xe0
5b0.16f4: Timestamp: 0xeffc9126
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0xeffc9126
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0x1e0000 (1966080)
5b0.16f4: Resource Dir: 0x174000 LB 0x6a1d8
5b0.16f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.248
5b0.16f4: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
5b0.16f4: FileDescription: NT Layer DLL
5b0.16f4: \SystemRoot\System32\kernel32.dll:
5b0.16f4: CreationTime: 2017-09-29T13:42:04.954227600Z
5b0.16f4: LastWriteTime: 2017-09-29T13:42:04.954227600Z
5b0.16f4: ChangeTime: 2018-01-08T17:21:26.779924100Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0xab868
5b0.16f4: NT Headers: 0xe8
5b0.16f4: Timestamp: 0xc2cf900
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0xc2cf900
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0xae000 (712704)
5b0.16f4: Resource Dir: 0xac000 LB 0x520
5b0.16f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.15
5b0.16f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
5b0.16f4: FileDescription: Windows NT BASE API Client DLL
5b0.16f4: \SystemRoot\System32\KernelBase.dll:
5b0.16f4: CreationTime: 2018-02-20T00:08:34.680981400Z
5b0.16f4: LastWriteTime: 2018-02-10T06:15:53.408982400Z
5b0.16f4: ChangeTime: 2018-02-20T11:51:31.398635500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x266000
5b0.16f4: NT Headers: 0xf0
5b0.16f4: Timestamp: 0x4414ec23
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x4414ec23
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0x266000 (2514944)
5b0.16f4: Resource Dir: 0x245000 LB 0x548
5b0.16f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.248
5b0.16f4: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
5b0.16f4: FileDescription: Windows NT BASE API Client DLL
5b0.16f4: \SystemRoot\System32\apisetschema.dll:
5b0.16f4: CreationTime: 2017-09-29T13:42:07.095026600Z
5b0.16f4: LastWriteTime: 2017-09-29T13:42:07.095026600Z
5b0.16f4: ChangeTime: 2018-02-20T00:18:10.804032900Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x1b398
5b0.16f4: NT Headers: 0xc8
5b0.16f4: Timestamp: 0xf30abf31
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0xf30abf31
5b0.16f4: Image Version: 10.0
5b0.16f4: SizeOfImage: 0x1c000 (114688)
5b0.16f4: Resource Dir: 0x1b000 LB 0x408
5b0.16f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Microsoft® Windows® Operating System
5b0.16f4: ProductVersion: 10.0.16299.15
5b0.16f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
5b0.16f4: FileDescription: ApiSet Schema DLL
5b0.16f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5b0.16f4: supR3HardenedWinFindAdversaries: 0x2020
5b0.16f4: \SystemRoot\System32\drivers\mfeavfk.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:32.195825300Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:58.453438500Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:58.453438500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x56de8
5b0.16f4: NT Headers: 0xf8
5b0.16f4: Timestamp: 0x59ceade6
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59ceade6
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0x57000 (356352)
5b0.16f4: Resource Dir: 0x55000 LB 0x750
5b0.16f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x55110 LB 0x32c, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F15,F16,F19
5b0.16f4: FileDescription: Anti-Virus File System Filter Driver
5b0.16f4: \SystemRoot\System32\drivers\mfefirek.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:42.187712600Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:59.204439900Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:59.204439900Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x7b9e8
5b0.16f4: NT Headers: 0xe0
5b0.16f4: Timestamp: 0x59ceaea4
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59ceaea4
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0x7d000 (512000)
5b0.16f4: Resource Dir: 0x79000 LB 0x380
5b0.16f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x79060 LB 0x320, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F17,F18
5b0.16f4: FileDescription: McAfee Core Firewall Engine Driver
5b0.16f4: \SystemRoot\System32\drivers\mfehidk.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:29.095377100Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:58.646954500Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:58.646954500Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0xe51e8
5b0.16f4: NT Headers: 0xf8
5b0.16f4: Timestamp: 0x59cead55
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59cead55
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0xf0000 (983040)
5b0.16f4: Resource Dir: 0xec000 LB 0x750
5b0.16f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0xec110 LB 0x318, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F14,F15,F16,F18,F20
5b0.16f4: FileDescription: McAfee Link Driver
5b0.16f4: \SystemRoot\System32\drivers\mfewfpk.sys:
5b0.16f4: CreationTime: 2017-07-26T16:43:28.147101200Z
5b0.16f4: LastWriteTime: 2018-02-22T23:03:58.794346800Z
5b0.16f4: ChangeTime: 2018-02-22T23:03:58.794346800Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x3dbe8
5b0.16f4: NT Headers: 0x100
5b0.16f4: Timestamp: 0x59cead75
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x59cead75
5b0.16f4: Image Version: 0.0
5b0.16f4: SizeOfImage: 0x59000 (364544)
5b0.16f4: Resource Dir: 0x57000 LB 0x378
5b0.16f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x57060 LB 0x318, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: SYSCORE
5b0.16f4: ProductVersion: 15.7.0.665
5b0.16f4: FileVersion: SYSCORE.15.7.0.665
5b0.16f4: PrivateBuild: SYSCORE.15.7.0.665 F17,F18
5b0.16f4: FileDescription: Anti-Virus Mini-Firewall Driver
5b0.16f4: \SystemRoot\System32\drivers\dgmaster.sys:
5b0.16f4: CreationTime: 2017-10-17T17:18:39.207673500Z
5b0.16f4: LastWriteTime: 2017-07-18T22:11:22.000000000Z
5b0.16f4: ChangeTime: 2018-01-08T17:37:57.358708200Z
5b0.16f4: FileAttributes: 0x20
5b0.16f4: Size: 0x253a80
5b0.16f4: NT Headers: 0x108
5b0.16f4: Timestamp: 0x596ea8c3
5b0.16f4: Machine: 0x8664 - amd64
5b0.16f4: Timestamp: 0x596ea8c3
5b0.16f4: Image Version: 6.3
5b0.16f4: SizeOfImage: 0x32c000 (3325952)
5b0.16f4: Resource Dir: 0x2ec000 LB 0x35f68
5b0.16f4: [Version info resource found at 0x270! (ID/Name: 0x1; SubID/SubName: 0x409)]
5b0.16f4: [Raw version resource data: 0x321c30 LB 0x338, codepage 0x0 (reserved 0x0)]
5b0.16f4: ProductName: Digital Guardian
5b0.16f4: ProductVersion: 7.3
5b0.16f4: FileVersion: 7.3.2.0442
5b0.16f4: FileDescription: Digital Guardian Agent Master
5b0.16f4: supR3HardenedWinFindAdversaries: Found newer version: 0x2020 -> 0x4020
5b0.16f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5b0.16f4: Calling main()
5b0.16f4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5b0.16f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5b0.16f4: SUPR3HardenedMain: Respawn #1
5b0.16f4: System32: \Device\HarddiskVolume3\Windows\System32
5b0.16f4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
5b0.16f4: KnownDllPath: C:\WINDOWS\System32
5b0.16f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5b0.16f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5b0.16f4: supR3HardNtEnableThreadCreation:
5b0.16f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdee3391e0 pvNtTerminateThread=00007ffdee3608d0
5b0.16f4: supR3HardenedWinDoReSpawn(1): New child 6c0.36a0 [kernel32].
5b0.16f4: supR3HardNtChildGatherData: PebBaseAddress=0000000000919000 cbPeb=0x388
5b0.16f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdee2c0000 uNtDllChildAddr=00007ffdee2c0000
5b0.16f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdee3391e0
5b0.16f4: supR3HardenedWinSetupChildInit: Start child.
5b0.16f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5b0.16f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
5b0.16f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5b0.16f4: *0000000000000000-00000000007affff 0x0001/0x0000 0x0000000
5b0.16f4: *00000000007b0000-00000000007cffff 0x0004/0x0004 0x0020000
5b0.16f4: *00000000007d0000-00000000007e8fff 0x0002/0x0002 0x0040000
5b0.16f4: 00000000007e9000-00000000007effff 0x0001/0x0000 0x0000000
5b0.16f4: *00000000007f0000-00000000007f3fff 0x0002/0x0002 0x0040000
5b0.16f4: 00000000007f4000-00000000007fffff 0x0001/0x0000 0x0000000
5b0.16f4: *0000000000800000-0000000000918fff 0x0000/0x0004 0x0020000
5b0.16f4: 0000000000919000-000000000091bfff 0x0004/0x0004 0x0020000
5b0.16f4: 000000000091c000-00000000009fffff 0x0000/0x0004 0x0020000
5b0.16f4: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
5b0.16f4: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
5b0.16f4: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
5b0.16f4: *0000000000b00000-0000000000b00fff 0x0004/0x0004 0x0020000
5b0.16f4: 0000000000b01000-000000007ffdffff 0x0001/0x0000 0x0000000
5b0.16f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5b0.16f4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
5b0.16f4: 000000007fff0000-00007ff7049bffff 0x0001/0x0000 0x0000000
5b0.16f4: *00007ff7049c0000-00007ff7049e2fff 0x0002/0x0002 0x0040000
5b0.16f4: 00007ff7049e3000-00007ff70569ffff 0x0001/0x0000 0x0000000
5b0.16f4: *00007ff7056a0000-00007ff7056a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff7056a1000-00007ff705711fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff705712000-00007ff705712fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff705713000-00007ff705758fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff705759000-00007ff705759fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff70575a000-00007ff70575afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff70575b000-00007ff70575ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff705760000-00007ff705760fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff705761000-00007ff705761fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff705762000-00007ff705765fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff705766000-00007ff7057adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5b0.16f4: 00007ff7057ae000-00007ffdee2bffff 0x0001/0x0000 0x0000000
5b0.16f4: *00007ffdee2c0000-00007ffdee2c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee2c1000-00007ffdee3d2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee3d3000-00007ffdee418fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee419000-00007ffdee420fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee421000-00007ffdee42efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee42f000-00007ffdee42ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee430000-00007ffdee432fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee433000-00007ffdee49ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5b0.16f4: 00007ffdee4a0000-00007ffffffdffff 0x0001/0x0000 0x0000000
5b0.16f4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
5b0.16f4: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
5b0.16f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5b0.16f4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
5b0.16f4: supR3HardNtChildPurify: Done after 578 ms and 0 fixes (loop #0).
5b0.16f4: supR3HardNtEnableThreadCreation:
6c0.36a0: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
6c0.36a0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdee2c0000 g_uNtVerCombined=0xa03fab00
6c0.36a0: ntdll.dll: timestamp 0xeffc9126 (rc=VINF_SUCCESS)
6c0.36a0: New simple heap: #1 0000000000c10000 LB 0x400000 (for 1966080 allocation)
6c0.36a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6c0.36a0: System32: \Device\HarddiskVolume3\Windows\System32
6c0.36a0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
6c0.36a0: KnownDllPath: C:\WINDOWS\System32
6c0.36a0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
6c0.36a0: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
6c0.36a0: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
6c0.36a0: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
6c0.36a0: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
5b0.16f4: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
5b0.16f4: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
5b0.16f4: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.