36e4.3444: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa03fab00
36e4.3444: \SystemRoot\System32\ntdll.dll:
36e4.3444: CreationTime: 2018-05-10T00:19:44.746772700Z
36e4.3444: LastWriteTime: 2018-04-15T21:49:20.567835100Z
36e4.3444: ChangeTime: 2018-05-10T01:06:19.851272100Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x1dd108
36e4.3444: NT Headers: 0xe0
36e4.3444: Timestamp: 0xd826f10d
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0xd826f10d
36e4.3444: Image Version: 10.0
36e4.3444: SizeOfImage: 0x1e0000 (1966080)
36e4.3444: Resource Dir: 0x174000 LB 0x6a1d8
36e4.3444: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: Microsoft® Windows® Operating System
36e4.3444: ProductVersion: 10.0.16299.402
36e4.3444: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
36e4.3444: FileDescription: NT Layer DLL
36e4.3444: \SystemRoot\System32\kernel32.dll:
36e4.3444: CreationTime: 2018-05-10T00:19:28.135100600Z
36e4.3444: LastWriteTime: 2018-05-03T07:43:30.892187700Z
36e4.3444: ChangeTime: 2018-05-10T01:06:17.132385000Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0xab868
36e4.3444: NT Headers: 0xe8
36e4.3444: Timestamp: 0x309fae94
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0x309fae94
36e4.3444: Image Version: 10.0
36e4.3444: SizeOfImage: 0xae000 (712704)
36e4.3444: Resource Dir: 0xac000 LB 0x520
36e4.3444: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: Microsoft® Windows® Operating System
36e4.3444: ProductVersion: 10.0.16299.431
36e4.3444: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
36e4.3444: FileDescription: Windows NT BASE API Client DLL
36e4.3444: \SystemRoot\System32\KernelBase.dll:
36e4.3444: CreationTime: 2018-05-10T00:19:20.534335000Z
36e4.3444: LastWriteTime: 2018-04-15T21:51:08.343639800Z
36e4.3444: ChangeTime: 2018-05-10T01:06:19.398124500Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x265c00
36e4.3444: NT Headers: 0xf0
36e4.3444: Timestamp: 0xde35406a
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0xde35406a
36e4.3444: Image Version: 10.0
36e4.3444: SizeOfImage: 0x266000 (2514944)
36e4.3444: Resource Dir: 0x245000 LB 0x548
36e4.3444: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: Microsoft® Windows® Operating System
36e4.3444: ProductVersion: 10.0.16299.402
36e4.3444: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
36e4.3444: FileDescription: Windows NT BASE API Client DLL
36e4.3444: \SystemRoot\System32\apisetschema.dll:
36e4.3444: CreationTime: 2017-09-29T13:42:07.095026600Z
36e4.3444: LastWriteTime: 2017-09-29T13:42:07.095026600Z
36e4.3444: ChangeTime: 2018-05-10T00:29:45.327235700Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x1b398
36e4.3444: NT Headers: 0xc8
36e4.3444: Timestamp: 0xf30abf31
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0xf30abf31
36e4.3444: Image Version: 10.0
36e4.3444: SizeOfImage: 0x1c000 (114688)
36e4.3444: Resource Dir: 0x1b000 LB 0x408
36e4.3444: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: Microsoft® Windows® Operating System
36e4.3444: ProductVersion: 10.0.16299.15
36e4.3444: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
36e4.3444: FileDescription: ApiSet Schema DLL
36e4.3444: NtOpenDirectoryObject failed on \Driver: 0xc0000022
36e4.3444: supR3HardenedWinFindAdversaries: 0x20
36e4.3444: \SystemRoot\System32\drivers\cfwids.sys:
36e4.3444: CreationTime: 2015-07-02T07:33:00.000000000Z
36e4.3444: LastWriteTime: 2016-04-27T08:55:18.000000000Z
36e4.3444: ChangeTime: 2018-03-27T02:32:48.964162400Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x13328
36e4.3444: NT Headers: 0xf0
36e4.3444: Timestamp: 0x571a4aa7
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0x571a4aa7
36e4.3444: Image Version: 0.0
36e4.3444: SizeOfImage: 0x16000 (90112)
36e4.3444: Resource Dir: 0x14000 LB 0x550
36e4.3444: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x140a0 LB 0x318, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: SYSCORE
36e4.3444: ProductVersion: 15.4.0.822
36e4.3444: FileVersion: SYSCORE.15.4.0.822
36e4.3444: PrivateBuild: SYSCORE.15.4.0.822
36e4.3444: FileDescription: McAfee Personal Firewall IDS Plugin
36e4.3444: \SystemRoot\System32\drivers\mfeavfk.sys:
36e4.3444: CreationTime: 2016-03-11T09:04:44.000000000Z
36e4.3444: LastWriteTime: 2016-04-27T08:55:18.000000000Z
36e4.3444: ChangeTime: 2018-03-27T02:32:48.979788000Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x55528
36e4.3444: NT Headers: 0xe8
36e4.3444: Timestamp: 0x571a4a46
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0x571a4a46
36e4.3444: Image Version: 0.0
36e4.3444: SizeOfImage: 0x57000 (356352)
36e4.3444: Resource Dir: 0x55000 LB 0x758
36e4.3444: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x55110 LB 0x334, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: SYSCORE
36e4.3444: ProductVersion: 15.4.0.822
36e4.3444: FileVersion: SYSCORE.15.4.0.822
36e4.3444: PrivateBuild: SYSCORE.15.4.0.822 F15,F16,F19
36e4.3444: FileDescription: Anti-Virus File System Filter Driver
36e4.3444: \SystemRoot\System32\drivers\mfefirek.sys:
36e4.3444: CreationTime: 2015-07-02T07:33:00.000000000Z
36e4.3444: LastWriteTime: 2016-04-27T08:55:18.000000000Z
36e4.3444: ChangeTime: 2018-03-27T02:32:48.979788000Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x78728
36e4.3444: NT Headers: 0xe8
36e4.3444: Timestamp: 0x571a4a87
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0x571a4a87
36e4.3444: Image Version: 0.0
36e4.3444: SizeOfImage: 0x7b000 (503808)
36e4.3444: Resource Dir: 0x77000 LB 0x388
36e4.3444: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x77060 LB 0x328, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: SYSCORE
36e4.3444: ProductVersion: 15.4.0.822
36e4.3444: FileVersion: SYSCORE.15.4.0.822
36e4.3444: PrivateBuild: SYSCORE.15.4.0.822 F17,F18
36e4.3444: FileDescription: McAfee Core Firewall Engine Driver
36e4.3444: \SystemRoot\System32\drivers\mfehidk.sys:
36e4.3444: CreationTime: 2015-07-02T07:33:00.000000000Z
36e4.3444: LastWriteTime: 2016-04-27T08:55:18.000000000Z
36e4.3444: ChangeTime: 2018-03-27T02:32:48.979788000Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0xcdd28
36e4.3444: NT Headers: 0x100
36e4.3444: Timestamp: 0x571a49df
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0x571a49df
36e4.3444: Image Version: 0.0
36e4.3444: SizeOfImage: 0xd9000 (888832)
36e4.3444: Resource Dir: 0xd5000 LB 0x758
36e4.3444: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0xd5110 LB 0x320, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: SYSCORE
36e4.3444: ProductVersion: 15.4.0.822
36e4.3444: FileVersion: SYSCORE.15.4.0.822
36e4.3444: PrivateBuild: SYSCORE.15.4.0.822 F14,F15,F16,F18,F20
36e4.3444: FileDescription: McAfee Link Driver
36e4.3444: \SystemRoot\System32\drivers\mfencbdc.sys:
36e4.3444: CreationTime: 2016-08-01T10:26:02.000000000Z
36e4.3444: LastWriteTime: 2016-08-01T10:26:02.000000000Z
36e4.3444: ChangeTime: 2018-03-27T02:32:48.979788000Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x7ed20
36e4.3444: NT Headers: 0xe0
36e4.3444: Timestamp: 0x5763e1ef
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0x5763e1ef
36e4.3444: Image Version: 0.0
36e4.3444: SizeOfImage: 0x86000 (548864)
36e4.3444: Resource Dir: 0x84000 LB 0x390
36e4.3444: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x84060 LB 0x32c, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: Anti-Malware Core
36e4.3444: ProductVersion: 1.4.1
36e4.3444: FileVersion: Anti-Malware Core.1.4.1.717.x64
36e4.3444: PrivateBuild: Anti-Malware Core.1.4.1.717.x64
36e4.3444: FileDescription: Event Driver
36e4.3444: \SystemRoot\System32\drivers\mfewfpk.sys:
36e4.3444: CreationTime: 2015-07-02T07:33:00.000000000Z
36e4.3444: LastWriteTime: 2016-04-27T08:55:18.000000000Z
36e4.3444: ChangeTime: 2018-03-27T02:32:48.979788000Z
36e4.3444: FileAttributes: 0x20
36e4.3444: Size: 0x3b720
36e4.3444: NT Headers: 0xf0
36e4.3444: Timestamp: 0x571a49f1
36e4.3444: Machine: 0x8664 - amd64
36e4.3444: Timestamp: 0x571a49f1
36e4.3444: Image Version: 0.0
36e4.3444: SizeOfImage: 0x59000 (364544)
36e4.3444: Resource Dir: 0x57000 LB 0x380
36e4.3444: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
36e4.3444: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
36e4.3444: ProductName: SYSCORE
36e4.3444: ProductVersion: 15.4.0.822
36e4.3444: FileVersion: SYSCORE.15.4.0.822
36e4.3444: PrivateBuild: SYSCORE.15.4.0.822 F17,F18
36e4.3444: FileDescription: Anti-Virus Mini-Firewall Driver
36e4.3444: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\VirtualBox'
36e4.3444: Calling main()
36e4.3444: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
36e4.3444: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\VirtualBox'
36e4.3444: SUPR3HardenedMain: Respawn #1
36e4.3444: System32: \Device\HarddiskVolume7\Windows\System32
36e4.3444: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
36e4.3444: KnownDllPath: C:\WINDOWS\System32
36e4.3444: '\Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe' has no imports
36e4.3444: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe)
36e4.3444: supR3HardNtEnableThreadCreation:
36e4.3444: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffea1e39280 pvNtTerminateThread=00007ffea1e60d10
36e4.3444: supR3HardenedWinDoReSpawn(1): New child 3690.320c [kernel32].
36e4.3444: supR3HardNtChildGatherData: PebBaseAddress=0000000000308000 cbPeb=0x388
36e4.3444: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffea1dc0000 uNtDllChildAddr=00007ffea1dc0000
36e4.3444: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffea1e39280
36e4.3444: supR3HardenedWinSetupChildInit: Start child.
36e4.3444: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 11 ms.
36e4.3444: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
36e4.3444: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
36e4.3444: *0000000000000000-000000000009ffff 0x0001/0x0000 0x0000000
36e4.3444: *00000000000a0000-00000000000bffff 0x0004/0x0004 0x0020000
36e4.3444: *00000000000c0000-00000000000d8fff 0x0002/0x0002 0x0040000
36e4.3444: 00000000000d9000-00000000000dffff 0x0001/0x0000 0x0000000
36e4.3444: *00000000000e0000-00000000001dafff 0x0000/0x0004 0x0020000
36e4.3444: 00000000001db000-00000000001ddfff 0x0104/0x0004 0x0020000
36e4.3444: 00000000001de000-00000000001dffff 0x0004/0x0004 0x0020000
36e4.3444: *00000000001e0000-00000000001e3fff 0x0002/0x0002 0x0040000
36e4.3444: 00000000001e4000-00000000001effff 0x0001/0x0000 0x0000000
36e4.3444: *00000000001f0000-00000000001f0fff 0x0004/0x0004 0x0020000
36e4.3444: 00000000001f1000-00000000001fffff 0x0001/0x0000 0x0000000
36e4.3444: *0000000000200000-0000000000307fff 0x0000/0x0004 0x0020000
36e4.3444: 0000000000308000-000000000030afff 0x0004/0x0004 0x0020000
36e4.3444: 000000000030b000-00000000003fffff 0x0000/0x0004 0x0020000
36e4.3444: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
36e4.3444: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
36e4.3444: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
36e4.3444: 000000007fff0000-00007ff65b33ffff 0x0001/0x0000 0x0000000
36e4.3444: *00007ff65b340000-00007ff65b372fff 0x0002/0x0002 0x0040000
36e4.3444: 00007ff65b373000-00007ff65b98ffff 0x0001/0x0000 0x0000000
36e4.3444: *00007ff65b990000-00007ff65b990fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65b991000-00007ff65ba01fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba02000-00007ff65ba02fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba03000-00007ff65ba48fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba49000-00007ff65ba49fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba4a000-00007ff65ba4afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba4b000-00007ff65ba4ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba50000-00007ff65ba50fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba51000-00007ff65ba51fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba52000-00007ff65ba55fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba56000-00007ff65ba9dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe
36e4.3444: 00007ff65ba9e000-00007ffea1dbffff 0x0001/0x0000 0x0000000
36e4.3444: *00007ffea1dc0000-00007ffea1dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1dc1000-00007ffea1ed2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1ed3000-00007ffea1f18fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1f19000-00007ffea1f20fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1f21000-00007ffea1f2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1f2f000-00007ffea1f2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1f30000-00007ffea1f32fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1f33000-00007ffea1f9ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
36e4.3444: 00007ffea1fa0000-00007ffffffdffff 0x0001/0x0000 0x0000000
36e4.3444: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
36e4.3444: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
36e4.3444: '\Device\HarddiskVolume5\Program Files\VirtualBox\VirtualBox.exe' has no imports
36e4.3444: '\Device\HarddiskVolume7\Windows\System32\ntdll.dll' has no imports
36e4.3444: supR3HardNtChildPurify: Done after 598 ms and 0 fixes (loop #0).
36e4.3444: supR3HardNtEnableThreadCreation:
3690.320c: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
3690.320c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffea1dc0000 g_uNtVerCombined=0xa03fab00
3690.320c: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
3690.320c: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation)
3690.320c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\VirtualBox'
3690.320c: System32: \Device\HarddiskVolume7\Windows\System32
3690.320c: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
3690.320c: KnownDllPath: C:\WINDOWS\System32
3690.320c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3690.320c: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
3690.320c: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
3690.320c: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
3690.320c: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
36e4.3444: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
36e4.3444: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
36e4.3444: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.