1a54.1a74: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
1a54.1a74: \SystemRoot\System32\ntdll.dll:
1a54.1a74: CreationTime: 2016-03-24T18:46:47.842001600Z
1a54.1a74: LastWriteTime: 2015-07-23T00:03:19.290418300Z
1a54.1a74: ChangeTime: 2016-06-04T20:33:38.730801500Z
1a54.1a74: FileAttributes: 0x20
1a54.1a74: Size: 0x1a67c0
1a54.1a74: NT Headers: 0xe0
1a54.1a74: Timestamp: 0x55b02e88
1a54.1a74: Machine: 0x8664 - amd64
1a54.1a74: Timestamp: 0x55b02e88
1a54.1a74: Image Version: 6.1
1a54.1a74: SizeOfImage: 0x1a9000 (1740800)
1a54.1a74: Resource Dir: 0x14d000 LB 0x5a028
1a54.1a74: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a54.1a74: [Raw version resource data: 0x14d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1a54.1a74: ProductName: Microsoft® Windows® Operating System
1a54.1a74: ProductVersion: 6.1.7601.18939
1a54.1a74: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
1a54.1a74: FileDescription: NT Layer DLL
1a54.1a74: \SystemRoot\System32\kernel32.dll:
1a54.1a74: CreationTime: 2016-03-24T18:46:47.732801600Z
1a54.1a74: LastWriteTime: 2015-07-23T00:02:40.437000000Z
1a54.1a74: ChangeTime: 2016-06-04T20:33:26.531601400Z
1a54.1a74: FileAttributes: 0x20
1a54.1a74: Size: 0x11c000
1a54.1a74: NT Headers: 0xe8
1a54.1a74: Timestamp: 0x55b02e7a
1a54.1a74: Machine: 0x8664 - amd64
1a54.1a74: Timestamp: 0x55b02e7a
1a54.1a74: Image Version: 6.1
1a54.1a74: SizeOfImage: 0x11f000 (1175552)
1a54.1a74: Resource Dir: 0x116000 LB 0x528
1a54.1a74: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a54.1a74: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1a54.1a74: ProductName: Microsoft® Windows® Operating System
1a54.1a74: ProductVersion: 6.1.7601.18939
1a54.1a74: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
1a54.1a74: FileDescription: Windows NT BASE API Client DLL
1a54.1a74: \SystemRoot\System32\KernelBase.dll:
1a54.1a74: CreationTime: 2016-03-24T18:46:49.074401600Z
1a54.1a74: LastWriteTime: 2015-07-23T00:02:40.437000000Z
1a54.1a74: ChangeTime: 2016-06-04T20:33:26.531601400Z
1a54.1a74: FileAttributes: 0x20
1a54.1a74: Size: 0x67a00
1a54.1a74: NT Headers: 0xe8
1a54.1a74: Timestamp: 0x55b02e7b
1a54.1a74: Machine: 0x8664 - amd64
1a54.1a74: Timestamp: 0x55b02e7b
1a54.1a74: Image Version: 6.1
1a54.1a74: SizeOfImage: 0x6c000 (442368)
1a54.1a74: Resource Dir: 0x6a000 LB 0x530
1a54.1a74: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a54.1a74: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
1a54.1a74: ProductName: Microsoft® Windows® Operating System
1a54.1a74: ProductVersion: 6.1.7601.18939
1a54.1a74: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
1a54.1a74: FileDescription: Windows NT BASE API Client DLL
1a54.1a74: \SystemRoot\System32\apisetschema.dll:
1a54.1a74: CreationTime: 2016-03-24T18:46:50.182001600Z
1a54.1a74: LastWriteTime: 2015-07-22T23:52:01.328000000Z
1a54.1a74: ChangeTime: 2016-06-04T20:33:17.093601300Z
1a54.1a74: FileAttributes: 0x20
1a54.1a74: Size: 0x1a00
1a54.1a74: NT Headers: 0xc0
1a54.1a74: Timestamp: 0x55b02ce6
1a54.1a74: Machine: 0x8664 - amd64
1a54.1a74: Timestamp: 0x55b02ce6
1a54.1a74: Image Version: 6.1
1a54.1a74: SizeOfImage: 0x50000 (327680)
1a54.1a74: Resource Dir: 0x30000 LB 0x3f8
1a54.1a74: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a54.1a74: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
1a54.1a74: ProductName: Microsoft® Windows® Operating System
1a54.1a74: ProductVersion: 6.1.7601.18939
1a54.1a74: FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
1a54.1a74: FileDescription: ApiSet Schema DLL
1a54.1a74: supR3HardenedWinFindAdversaries: 0x0
1a54.1a74: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1a54.1a74: Calling main()
1a54.1a74: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1a54.1a74: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1a54.1a74: SUPR3HardenedMain: Respawn #1
1a54.1a74: System32: \Device\HarddiskVolume2\Windows\System32
1a54.1a74: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1a54.1a74: KnownDllPath: C:\Windows\system32
1a54.1a74: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1a54.1a74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1a54.1a74: supR3HardNtEnableThreadCreation:
1a54.1a74: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076dbb630 pvNtTerminateThread=0000000076dddee0
1a54.1a74: supR3HardenedWinDoReSpawn(1): New child 1ad0.1678 [kernel32].
1a54.1a74: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1a54.1a74: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076d90000 uNtDllChildAddr=0000000076d90000
1a54.1a74: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076dbb630
1a54.1a74: supR3HardenedWinSetupChildInit: Start child.
1a54.1a74: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1a54.1a74: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 17 sleeps
1a54.1a74: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1a54.1a74: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1a54.1a74: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
1a54.1a74: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
1a54.1a74: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
1a54.1a74: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
1a54.1a74: 0000000000041000-00000000001affff 0x0001/0x0000 0x0000000
1a54.1a74: *00000000001b0000-00000000002abfff 0x0000/0x0004 0x0020000
1a54.1a74: 00000000002ac000-00000000002adfff 0x0104/0x0004 0x0020000
1a54.1a74: 00000000002ae000-00000000002affff 0x0004/0x0004 0x0020000
1a54.1a74: 00000000002b0000-0000000076d8ffff 0x0001/0x0000 0x0000000
1a54.1a74: *0000000076d90000-0000000076d90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1a54.1a74: 0000000076d91000-0000000076e8efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1a54.1a74: 0000000076e8f000-0000000076ebdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1a54.1a74: 0000000076ebe000-0000000076ec5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1a54.1a74: 0000000076ec6000-0000000076ec6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1a54.1a74: 0000000076ec7000-0000000076ec9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1a54.1a74: 0000000076eca000-0000000076f38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1a54.1a74: 0000000076f39000-000000007efdffff 0x0001/0x0000 0x0000000
1a54.1a74: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
1a54.1a74: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1a54.1a74: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1a54.1a74: 000000007fff0000-000000013f51ffff 0x0001/0x0000 0x0000000
1a54.1a74: *000000013f520000-000000013f520fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f521000-000000013f591fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f592000-000000013f592fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f593000-000000013f5d8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f5d9000-000000013f5d9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f5da000-000000013f5dafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f5db000-000000013f5dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f5e0000-000000013f5e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f5e1000-000000013f5e1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f5e2000-000000013f5e5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f5e6000-000000013f62dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a54.1a74: 000000013f62e000-000007feff0affff 0x0001/0x0000 0x0000000
1a54.1a74: *000007feff0b0000-000007feff0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1a54.1a74: 000007feff0b1000-000007fffffaffff 0x0001/0x0000 0x0000000
1a54.1a74: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
1a54.1a74: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
1a54.1a74: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
1a54.1a74: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
1a54.1a74: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
1a54.1a74: apisetschema.dll: timestamp 0x55b02ce6 (rc=VINF_SUCCESS)
1a54.1a74: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS)
1a54.1a74: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1a54.1a74: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1a54.1a74: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1a54.1a74: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
1ad0.1678: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1ad0.1678: supR3HardenedVmProcessInit: uNtDllAddr=0000000076d90000 g_uNtVerCombined=0x611db100
1ad0.1678: ntdll.dll: timestamp 0x55b02e88 (rc=VINF_SUCCESS)
1ad0.1678: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1740800 allocation)
1a54.1a74: supR3HardNtEnableThreadCreation:
1ad0.1678: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1ad0.1678: System32: \Device\HarddiskVolume2\Windows\System32
1ad0.1678: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1ad0.1678: KnownDllPath: C:\Windows\system32
1ad0.1678: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1ad0.1678: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
1ad0.1678: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
1ad0.1678: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
1ad0.1678: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
1a54.1a74: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
1a54.1a74: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
1a54.1a74: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.