132c.1bf0: Log file opened: 5.2.12r122591 g_hStartupLog=00000000000000d0 g_uNtVerCombined=0x63258000 132c.1bf0: \SystemRoot\System32\ntdll.dll: 132c.1bf0: CreationTime: 2017-02-16T04:49:09.817733500Z 132c.1bf0: LastWriteTime: 2017-02-16T04:49:09.821736700Z 132c.1bf0: ChangeTime: 2017-02-16T10:06:07.280249900Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x1a5d10 132c.1bf0: NT Headers: 0xe8 132c.1bf0: Timestamp: 0x530895af 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x530895af 132c.1bf0: Image Version: 6.3 132c.1bf0: SizeOfImage: 0x1aa000 (1744896) 132c.1bf0: Resource Dir: 0x145000 LB 0x62450 132c.1bf0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x1450f0 LB 0x380, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Microsoft® Windows® Operating System 132c.1bf0: ProductVersion: 6.3.9600.17031 132c.1bf0: FileVersion: 6.3.9600.17031 (winblue_gdr.140221-1952) 132c.1bf0: FileDescription: NT Layer DLL 132c.1bf0: \SystemRoot\System32\kernel32.dll: 132c.1bf0: CreationTime: 2017-02-16T04:54:09.533492900Z 132c.1bf0: LastWriteTime: 2017-02-16T04:54:09.539498000Z 132c.1bf0: ChangeTime: 2017-02-16T10:05:44.622562600Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x13b3c0 132c.1bf0: NT Headers: 0xe8 132c.1bf0: Timestamp: 0x532a419c 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x532a419c 132c.1bf0: Image Version: 6.3 132c.1bf0: SizeOfImage: 0x13a000 (1286144) 132c.1bf0: Resource Dir: 0x12a000 LB 0x520 132c.1bf0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x12a0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Microsoft® Windows® Operating System 132c.1bf0: ProductVersion: 6.3.9600.17056 132c.1bf0: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520) 132c.1bf0: FileDescription: Windows NT BASE API Client DLL 132c.1bf0: \SystemRoot\System32\KernelBase.dll: 132c.1bf0: CreationTime: 2017-02-16T04:54:08.157336800Z 132c.1bf0: LastWriteTime: 2017-02-16T04:54:08.190359600Z 132c.1bf0: ChangeTime: 2017-02-16T10:06:02.436089700Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x10f9d8 132c.1bf0: NT Headers: 0xf0 132c.1bf0: Timestamp: 0x532954fb 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x532954fb 132c.1bf0: Image Version: 6.3 132c.1bf0: SizeOfImage: 0x10f000 (1110016) 132c.1bf0: Resource Dir: 0x10a000 LB 0x3530 132c.1bf0: [Version info resource found at 0x108! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x10a120 LB 0x3bc, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Microsoft® Windows® Operating System 132c.1bf0: ProductVersion: 6.3.9600.17055 132c.1bf0: FileVersion: 6.3.9600.17055 (winblue_gdr.140318-1651) 132c.1bf0: FileDescription: Windows NT BASE API Client DLL 132c.1bf0: \SystemRoot\System32\apisetschema.dll: 132c.1bf0: CreationTime: 2013-08-22T12:13:09.745625900Z 132c.1bf0: LastWriteTime: 2013-08-22T12:35:12.091034400Z 132c.1bf0: ChangeTime: 2014-03-05T11:30:53.083649900Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x11360 132c.1bf0: NT Headers: 0xd0 132c.1bf0: Timestamp: 0x52160049 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x52160049 132c.1bf0: Image Version: 6.3 132c.1bf0: SizeOfImage: 0x13000 (77824) 132c.1bf0: Resource Dir: 0x11000 LB 0x3f8 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x11060 LB 0x398, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Microsoft® Windows® Operating System 132c.1bf0: ProductVersion: 6.3.9600.16384 132c.1bf0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623) 132c.1bf0: FileDescription: ApiSet Schema DLL 132c.1bf0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 132c.1bf0: supR3HardenedWinFindAdversaries: 0x880 132c.1bf0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 132c.1bf0: CreationTime: 2014-09-24T18:24:17.952492400Z 132c.1bf0: LastWriteTime: 2017-01-13T18:04:14.602901400Z 132c.1bf0: ChangeTime: 2017-01-13T18:04:14.602901400Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x2eed8 132c.1bf0: NT Headers: 0xe0 132c.1bf0: Timestamp: 0x55b855d9 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x55b855d9 132c.1bf0: Image Version: 6.1 132c.1bf0: SizeOfImage: 0x33000 (208896) 132c.1bf0: Resource Dir: 0x31000 LB 0x3b8 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x31060 LB 0x354, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Malwarebytes Anti-Malware 132c.1bf0: ProductVersion: 0.3.0.0 132c.1bf0: FileVersion: 0.3.0.0 132c.1bf0: FileDescription: Malwarebytes Anti-Malware 132c.1bf0: \SystemRoot\System32\drivers\mwac.sys: 132c.1bf0: CreationTime: 2014-09-24T18:23:36.059142100Z 132c.1bf0: LastWriteTime: 2016-03-11T00:09:10.000000000Z 132c.1bf0: ChangeTime: 2016-09-27T06:31:42.971428400Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0xff80 132c.1bf0: NT Headers: 0xe0 132c.1bf0: Timestamp: 0x53a0f444 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x53a0f444 132c.1bf0: Image Version: 6.2 132c.1bf0: SizeOfImage: 0x13000 (77824) 132c.1bf0: Resource Dir: 0x11000 LB 0x3e0 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x11060 LB 0x37c, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Malwarebytes Web Access Control 132c.1bf0: ProductVersion: 1.0.6.0 132c.1bf0: FileVersion: 1.0.6.0 132c.1bf0: FileDescription: Malwarebytes Web Access Control 132c.1bf0: \SystemRoot\System32\drivers\mbamchameleon.sys: 132c.1bf0: CreationTime: 2014-09-24T18:23:36.129188300Z 132c.1bf0: LastWriteTime: 2016-03-11T00:08:58.000000000Z 132c.1bf0: ChangeTime: 2016-09-27T06:31:43.244459300Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x22580 132c.1bf0: NT Headers: 0xe0 132c.1bf0: Timestamp: 0x56a95753 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x56a95753 132c.1bf0: Image Version: 6.1 132c.1bf0: SizeOfImage: 0x26000 (155648) 132c.1bf0: Resource Dir: 0x24000 LB 0xba8 132c.1bf0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x24830 LB 0x378, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Malwarebytes Chameleon 132c.1bf0: ProductVersion: 1.1.22.0 132c.1bf0: FileVersion: 1.1.22.0 132c.1bf0: FileDescription: Malwarebytes Chameleon Protection Driver 132c.1bf0: \SystemRoot\System32\drivers\mbam.sys: 132c.1bf0: CreationTime: 2014-09-24T18:23:36.000099300Z 132c.1bf0: LastWriteTime: 2016-03-11T00:08:54.000000000Z 132c.1bf0: ChangeTime: 2016-09-27T06:31:42.935425400Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x6980 132c.1bf0: NT Headers: 0xd8 132c.1bf0: Timestamp: 0x55ca3257 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x55ca3257 132c.1bf0: Image Version: 6.1 132c.1bf0: SizeOfImage: 0xa000 (40960) 132c.1bf0: Resource Dir: 0x8000 LB 0x3a0 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x8060 LB 0x33c, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: Malwarebytes Anti-Malware 132c.1bf0: ProductVersion: 0.1.16.0 132c.1bf0: FileVersion: 0.1.16.0 132c.1bf0: FileDescription: Malwarebytes Anti-Malware 132c.1bf0: \SystemRoot\System32\drivers\cmdguard.sys: 132c.1bf0: CreationTime: 2016-08-31T22:50:30.000000000Z 132c.1bf0: LastWriteTime: 2017-05-31T12:49:23.552200000Z 132c.1bf0: ChangeTime: 2017-07-06T19:45:35.547449700Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0xc8ff8 132c.1bf0: NT Headers: 0x100 132c.1bf0: Timestamp: 0x592eb1c0 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x592eb1c0 132c.1bf0: Image Version: 10.0 132c.1bf0: SizeOfImage: 0xd2000 (860160) 132c.1bf0: Resource Dir: 0xd0000 LB 0x3d0 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0xd0060 LB 0x36c, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security Sandbox Driver 132c.1bf0: ProductVersion: 10, 0, 1, 6241 132c.1bf0: FileVersion: 10, 0, 1, 6241 132c.1bf0: FileDescription: COMODO Internet Security Sandbox Driver 132c.1bf0: \SystemRoot\System32\drivers\cmderd.sys: 132c.1bf0: CreationTime: 2016-08-31T22:50:24.000000000Z 132c.1bf0: LastWriteTime: 2017-05-31T12:49:17.544200000Z 132c.1bf0: ChangeTime: 2017-07-06T19:45:36.193627700Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x7de8 132c.1bf0: NT Headers: 0xe0 132c.1bf0: Timestamp: 0x592eb15b 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x592eb15b 132c.1bf0: Image Version: 10.0 132c.1bf0: SizeOfImage: 0xa000 (40960) 132c.1bf0: Resource Dir: 0x8000 LB 0x3d8 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x8060 LB 0x374, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security Eradication Driver 132c.1bf0: ProductVersion: 10, 0, 1, 6241 132c.1bf0: FileVersion: 10, 0, 1, 6241 132c.1bf0: FileDescription: COMODO Internet Security Eradication Driver 132c.1bf0: \SystemRoot\System32\drivers\inspect.sys: 132c.1bf0: CreationTime: 2016-08-31T22:50:42.000000000Z 132c.1bf0: LastWriteTime: 2017-06-07T13:10:39.393800000Z 132c.1bf0: ChangeTime: 2017-07-06T19:45:37.120368000Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x1e510 132c.1bf0: NT Headers: 0xf0 132c.1bf0: Timestamp: 0x5937ed7a 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x5937ed7a 132c.1bf0: Image Version: 10.0 132c.1bf0: SizeOfImage: 0x21000 (135168) 132c.1bf0: Resource Dir: 0x1f000 LB 0x3d0 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0x1f060 LB 0x36c, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security Firewall Driver 132c.1bf0: ProductVersion: 10, 0, 1, 6245 132c.1bf0: FileVersion: 10, 0, 1, 6245 132c.1bf0: FileDescription: COMODO Internet Security Firewall Driver 132c.1bf0: \SystemRoot\System32\drivers\cmdhlp.sys: 132c.1bf0: CreationTime: 2016-08-31T22:50:36.000000000Z 132c.1bf0: LastWriteTime: 2017-05-31T12:49:29.557200000Z 132c.1bf0: ChangeTime: 2017-07-06T19:45:36.544576600Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0xa460 132c.1bf0: NT Headers: 0xe8 132c.1bf0: Timestamp: 0x592eb166 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x592eb166 132c.1bf0: Image Version: 10.0 132c.1bf0: SizeOfImage: 0xc000 (49152) 132c.1bf0: Resource Dir: 0xa000 LB 0x3c8 132c.1bf0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0xa060 LB 0x364, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security Helper Driver 132c.1bf0: ProductVersion: 10, 0, 1, 6241 132c.1bf0: FileVersion: 10, 0, 1, 6241 132c.1bf0: FileDescription: COMODO Internet Security Helper Driver 132c.1bf0: \SystemRoot\System32\guard64.dll: 132c.1bf0: CreationTime: 2016-09-15T10:07:02.000000000Z 132c.1bf0: LastWriteTime: 2017-07-11T11:44:19.100200000Z 132c.1bf0: ChangeTime: 2017-07-14T18:30:03.539948600Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0xe60c8 132c.1bf0: NT Headers: 0x148 132c.1bf0: Timestamp: 0x5964b336 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x5964b336 132c.1bf0: Image Version: 0.0 132c.1bf0: SizeOfImage: 0xec000 (966656) 132c.1bf0: Resource Dir: 0xe9000 LB 0xd88 132c.1bf0: [Version info resource found at 0x2d0! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0xe94d8 LB 0x2b4, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security 132c.1bf0: ProductVersion: 10, 0, 1, 6258 132c.1bf0: FileVersion: 10, 0, 1, 6258 132c.1bf0: FileDescription: COMODO Internet Security 132c.1bf0: \SystemRoot\System32\cmdvrt64.dll: 132c.1bf0: CreationTime: 2016-09-15T10:05:08.000000000Z 132c.1bf0: LastWriteTime: 2017-07-11T11:41:54.879200000Z 132c.1bf0: ChangeTime: 2017-07-14T18:30:05.511560500Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0x6fac0 132c.1bf0: NT Headers: 0x138 132c.1bf0: Timestamp: 0x5964b32c 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x5964b32c 132c.1bf0: Image Version: 0.0 132c.1bf0: SizeOfImage: 0x75000 (479232) 132c.1bf0: Resource Dir: 0x73000 LB 0x580 132c.1bf0: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x804)] 132c.1bf0: [Raw version resource data: 0x730a0 LB 0x2b4, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security 132c.1bf0: ProductVersion: 10, 0, 1, 6258 132c.1bf0: FileVersion: 10, 0, 1, 6258 132c.1bf0: FileDescription: COMODO Internet Security 132c.1bf0: \SystemRoot\System32\cmdkbd64.dll: 132c.1bf0: CreationTime: 2016-09-15T10:04:14.000000000Z 132c.1bf0: LastWriteTime: 2016-09-15T10:04:14.000000000Z 132c.1bf0: ChangeTime: 2016-10-05T07:24:42.308371900Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0xcab8 132c.1bf0: NT Headers: 0xe8 132c.1bf0: Timestamp: 0x57d9ceee 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x57d9ceee 132c.1bf0: Image Version: 0.0 132c.1bf0: SizeOfImage: 0xf000 (61440) 132c.1bf0: Resource Dir: 0xd000 LB 0x5ac 132c.1bf0: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x804)] 132c.1bf0: [Raw version resource data: 0xd0a0 LB 0x2ac, codepage 0x4e4 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security 132c.1bf0: ProductVersion: 8, 4, 0, 5165 132c.1bf0: FileVersion: 8, 4, 0, 5165 132c.1bf0: FileDescription: COMODO Internet Security 132c.1bf0: \SystemRoot\System32\cmdcsr.dll: 132c.1bf0: CreationTime: 2016-09-15T10:07:20.000000000Z 132c.1bf0: LastWriteTime: 2017-07-11T11:44:37.141200000Z 132c.1bf0: ChangeTime: 2017-07-14T18:30:05.715695300Z 132c.1bf0: FileAttributes: 0x20 132c.1bf0: Size: 0xca60 132c.1bf0: NT Headers: 0xd0 132c.1bf0: Timestamp: 0x5964b316 132c.1bf0: Machine: 0x8664 - amd64 132c.1bf0: Timestamp: 0x5964b316 132c.1bf0: Image Version: 0.0 132c.1bf0: SizeOfImage: 0xc000 (49152) 132c.1bf0: Resource Dir: 0xa000 LB 0x4d8 132c.1bf0: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)] 132c.1bf0: [Raw version resource data: 0xa0a0 LB 0x2b4, codepage 0x0 (reserved 0x0)] 132c.1bf0: ProductName: COMODO Internet Security 132c.1bf0: ProductVersion: 10, 0, 1, 6258 132c.1bf0: FileVersion: 10, 0, 1, 6258 132c.1bf0: FileDescription: COMODO Internet Security 132c.1bf0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 132c.1bf0: Calling main() 132c.1bf0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 132c.1bf0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 132c.1bf0: SUPR3HardenedMain: Respawn #1 132c.1bf0: System32: \Device\HarddiskVolume5\Windows\System32 132c.1bf0: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 132c.1bf0: KnownDllPath: C:\windows\system32 132c.1bf0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 132c.1bf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 132c.1bf0: supR3HardNtEnableThreadCreation: 132c.1bf0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcc99a6a4c pvNtTerminateThread=00007ffcc99eb0b0 132c.1bf0: supR3HardenedWinDoReSpawn(1): New child 15d4.17ec [kernel32]. 132c.1bf0: supR3HardNtChildGatherData: PebBaseAddress=00007ff78913e000 cbPeb=0x388 132c.1bf0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcc9950000 uNtDllChildAddr=00007ffcc9950000 132c.1bf0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcc99a6a4c 132c.1bf0: supR3HardenedWinSetupChildInit: Start child. 132c.1bf0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 4 ms. 132c.1bf0: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 51 sleeps 132c.1bf0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 132c.1bf0: *0000000000000000-0000000000b1ffff 0x0001/0x0000 0x0000000 132c.1bf0: *0000000000b20000-0000000000b3ffff 0x0004/0x0004 0x0020000 132c.1bf0: *0000000000b40000-0000000000b4efff 0x0002/0x0002 0x0040000 132c.1bf0: 0000000000b4f000-0000000000b4ffff 0x0001/0x0000 0x0000000 132c.1bf0: *0000000000b50000-0000000000c4afff 0x0000/0x0004 0x0020000 132c.1bf0: 0000000000c4b000-0000000000c4dfff 0x0104/0x0004 0x0020000 132c.1bf0: 0000000000c4e000-0000000000c4ffff 0x0004/0x0004 0x0020000 132c.1bf0: *0000000000c50000-0000000000c53fff 0x0002/0x0002 0x0040000 132c.1bf0: 0000000000c54000-0000000000c5ffff 0x0001/0x0000 0x0000000 132c.1bf0: *0000000000c60000-0000000000c61fff 0x0004/0x0004 0x0020000 132c.1bf0: 0000000000c62000-000000007ffdffff 0x0001/0x0000 0x0000000 132c.1bf0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 132c.1bf0: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 132c.1bf0: 000000007fff0000-00007ff78910ffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ff789110000-00007ff789132fff 0x0002/0x0002 0x0040000 132c.1bf0: 00007ff789133000-00007ff78913bfff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ff78913c000-00007ff78913dfff 0x0004/0x0004 0x0020000 132c.1bf0: *00007ff78913e000-00007ff78913efff 0x0004/0x0004 0x0020000 132c.1bf0: 00007ff78913f000-00007ff789f8ffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ff789f90000-00007ff789f90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff789f91000-00007ff78a001fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a002000-00007ff78a002fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a003000-00007ff78a048fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a049000-00007ff78a049fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a04a000-00007ff78a04afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a04b000-00007ff78a04ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a050000-00007ff78a050fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a051000-00007ff78a051fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a052000-00007ff78a055fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a056000-00007ff78a09dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a09e000-00007ffc9ffeffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ffc9fff0000-00007ffc9fff0fff 0x0020/0x0040 0x0020000 !! 132c.1bf0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffc9fff0000 (LB 0x1000, 00007ffc9fff0000 LB 0x1000) 132c.1bf0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffc9fff0000/00007ffc9fff0000 LB 0/0x1000] 132c.1bf0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffc9fff0000 LB 0x29960000 s=0x10000 ap=0x0 rp=0x00000000000001 132c.1bf0: 00007ffc9fff1000-00007ffcc994ffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ffcc9950000-00007ffcc9950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9951000-00007ffcc9a79fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a7a000-00007ffcc9a82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a83000-00007ffcc9a8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a90000-00007ffcc9a90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a91000-00007ffcc9a91fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a92000-00007ffcc9af9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9afa000-00007ffffffdffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 132c.1bf0: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS) 132c.1bf0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 132c.1bf0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 132c.1bf0: ntdll.dll: Differences in section #1 (.text) between file and memory: 132c.1bf0: 00007ffcc99ec540 / 0x009c540: 4c != e9 132c.1bf0: 00007ffcc99ec541 / 0x009c541: 8b != bb 132c.1bf0: 00007ffcc99ec542 / 0x009c542: d1 != 3a 132c.1bf0: 00007ffcc99ec543 / 0x009c543: b8 != 60 132c.1bf0: 00007ffcc99ec544 / 0x009c544: 9b != d6 132c.1bf0: Restored 0x2000 bytes of original file content at 00007ffcc99eaa5a 132c.1bf0: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x880 132c.1bf0: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 56 sleeps 132c.1bf0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 132c.1bf0: *0000000000000000-0000000000b1ffff 0x0001/0x0000 0x0000000 132c.1bf0: *0000000000b20000-0000000000b3ffff 0x0004/0x0004 0x0020000 132c.1bf0: *0000000000b40000-0000000000b4efff 0x0002/0x0002 0x0040000 132c.1bf0: 0000000000b4f000-0000000000b4ffff 0x0001/0x0000 0x0000000 132c.1bf0: *0000000000b50000-0000000000c4afff 0x0000/0x0004 0x0020000 132c.1bf0: 0000000000c4b000-0000000000c4dfff 0x0104/0x0004 0x0020000 132c.1bf0: 0000000000c4e000-0000000000c4ffff 0x0004/0x0004 0x0020000 132c.1bf0: *0000000000c50000-0000000000c53fff 0x0002/0x0002 0x0040000 132c.1bf0: 0000000000c54000-0000000000c5ffff 0x0001/0x0000 0x0000000 132c.1bf0: *0000000000c60000-0000000000c61fff 0x0004/0x0004 0x0020000 132c.1bf0: 0000000000c62000-000000007ffdffff 0x0001/0x0000 0x0000000 132c.1bf0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 132c.1bf0: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 132c.1bf0: 000000007fff0000-00007ff78910ffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ff789110000-00007ff789132fff 0x0002/0x0002 0x0040000 132c.1bf0: 00007ff789133000-00007ff78913bfff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ff78913c000-00007ff78913dfff 0x0004/0x0004 0x0020000 132c.1bf0: *00007ff78913e000-00007ff78913efff 0x0004/0x0004 0x0020000 132c.1bf0: 00007ff78913f000-00007ff789f8ffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ff789f90000-00007ff789f90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff789f91000-00007ff78a001fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a002000-00007ff78a002fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a003000-00007ff78a048fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a049000-00007ff78a055fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a056000-00007ff78a09dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 132c.1bf0: 00007ff78a09e000-00007ffcc994ffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ffcc9950000-00007ffcc9950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9951000-00007ffcc9a79fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a7a000-00007ffcc9a82fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a83000-00007ffcc9a8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a90000-00007ffcc9a90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a91000-00007ffcc9a91fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9a92000-00007ffcc9af9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll 132c.1bf0: 00007ffcc9afa000-00007ffffffdffff 0x0001/0x0000 0x0000000 132c.1bf0: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 132c.1bf0: supR3HardNtChildPurify: Done after 1221 ms and 2 fixes (loop #1). 15d4.17ec: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000 15d4.17ec: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcc9950000 g_uNtVerCombined=0x63258000 15d4.17ec: ntdll.dll: timestamp 0x530895af (rc=VINF_SUCCESS) 15d4.17ec: New simple heap: #1 0000000000d70000 LB 0x400000 (for 1744896 allocation) 132c.1bf0: supR3HardNtEnableThreadCreation: 15d4.17ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 15d4.17ec: System32: \Device\HarddiskVolume5\Windows\System32 15d4.17ec: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 15d4.17ec: KnownDllPath: C:\windows\system32 15d4.17ec: supR3HardenedVmProcessInit: Opening vboxdrv stub... 15d4.17ec: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND 15d4.17ec: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034 15d4.17ec: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3) 15d4.17ec: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries) Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help. 132c.1bf0: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries) Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help. 132c.1bf0: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3) 132c.1bf0: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries) Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.