3690.382c: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000094 g_uNtVerCombined=0x611db110
3690.382c: \SystemRoot\System32\ntdll.dll:
3690.382c: CreationTime: 2013-10-10T01:45:28.833188500Z
3690.382c: LastWriteTime: 2013-08-29T02:16:35.515578900Z
3690.382c: ChangeTime: 2013-10-10T02:02:15.337904600Z
3690.382c: FileAttributes: 0x20
3690.382c: Size: 0x1a6dc0
3690.382c: NT Headers: 0xe0
3690.382c: Timestamp: 0x521eaf24
3690.382c: Machine: 0x8664 - amd64
3690.382c: Timestamp: 0x521eaf24
3690.382c: Image Version: 6.1
3690.382c: SizeOfImage: 0x1a9000 (1740800)
3690.382c: Resource Dir: 0x151000 LB 0x560d8
3690.382c: ProductName: Microsoft® Windows® Operating System
3690.382c: ProductVersion: 6.1.7601.18247
3690.382c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
3690.382c: FileDescription: NT Layer DLL
3690.382c: \SystemRoot\System32\kernel32.dll:
3690.382c: CreationTime: 2014-04-09T01:57:58.995076100Z
3690.382c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3690.382c: ChangeTime: 2014-04-09T06:13:05.322053700Z
3690.382c: FileAttributes: 0x20
3690.382c: Size: 0x11c000
3690.382c: NT Headers: 0xe8
3690.382c: Timestamp: 0x5315a059
3690.382c: Machine: 0x8664 - amd64
3690.382c: Timestamp: 0x5315a059
3690.382c: Image Version: 6.1
3690.382c: SizeOfImage: 0x11f000 (1175552)
3690.382c: Resource Dir: 0x116000 LB 0x528
3690.382c: ProductName: Microsoft® Windows® Operating System
3690.382c: ProductVersion: 6.1.7601.18409
3690.382c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3690.382c: FileDescription: Windows NT BASE API Client DLL
3690.382c: \SystemRoot\System32\KernelBase.dll:
3690.382c: CreationTime: 2014-07-07T01:06:56.989863800Z
3690.382c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
3690.382c: ChangeTime: 2014-07-07T12:17:40.308840000Z
3690.382c: FileAttributes: 0x20
3690.382c: Size: 0x67c00
3690.382c: NT Headers: 0xe8
3690.382c: Timestamp: 0x5315a05a
3690.382c: Machine: 0x8664 - amd64
3690.382c: Timestamp: 0x5315a05a
3690.382c: Image Version: 6.1
3690.382c: SizeOfImage: 0x6c000 (442368)
3690.382c: Resource Dir: 0x6a000 LB 0x530
3690.382c: ProductName: Microsoft® Windows® Operating System
3690.382c: ProductVersion: 6.1.7601.18409
3690.382c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
3690.382c: FileDescription: Windows NT BASE API Client DLL
3690.382c: \SystemRoot\System32\apisetschema.dll:
3690.382c: CreationTime: 2015-03-11T06:43:13.153750400Z
3690.382c: LastWriteTime: 2015-02-03T03:28:14.008000000Z
3690.382c: ChangeTime: 2015-03-11T10:53:15.616784900Z
3690.382c: FileAttributes: 0x20
3690.382c: Size: 0x1a00
3690.382c: NT Headers: 0xc0
3690.382c: Timestamp: 0x54d04096
3690.382c: Machine: 0x8664 - amd64
3690.382c: Timestamp: 0x54d04096
3690.382c: Image Version: 6.1
3690.382c: SizeOfImage: 0x50000 (327680)
3690.382c: Resource Dir: 0x30000 LB 0x3f8
3690.382c: ProductName: Microsoft® Windows® Operating System
3690.382c: ProductVersion: 6.1.7601.18741
3690.382c: FileVersion: 6.1.7601.18741 (win7sp1_gdr.150202-1526)
3690.382c: FileDescription: ApiSet Schema DLL
3690.382c: supR3HardenedWinFindAdversaries: 0x0
3690.382c: Calling main()
3690.382c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3690.382c: SUPR3HardenedMain: Respawn #1
3690.382c: System32: \Device\HarddiskVolume8\Windows\System32
3690.382c: WinSxS: \Device\HarddiskVolume8\Windows\winsxs
3690.382c: KnownDllPath: C:\windows\system32
3690.382c: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3690.382c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3690.382c: supR3HardNtEnableThreadCreation:
3690.382c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000771cc340 pvNtTerminateThread=00000000771f17e0
3690.382c: supR3HardenedWinDoReSpawn(1): New child 27f8.28a8 [kernel32].
3690.382c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd5000 cbPeb=0x380
3690.382c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000771a0000 uNtDllChildAddr=00000000771a0000
3690.382c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000771cc340
3690.382c: supR3HardenedWinSetupChildInit: Start child.
3690.382c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3690.382c: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
3690.382c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3690.382c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3690.382c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3690.382c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3690.382c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3690.382c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3690.382c: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
3690.382c: *0000000000050000-000000000004efff 0x0040/0x0040 0x0020000 !!
3690.382c: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000050000 (0000000000050000 LB 0x1000)
3690.382c: 0000000000051000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
3690.382c: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
3690.382c: 00000000002ec000-00000000002e8fff 0x0104/0x0004 0x0020000
3690.382c: 00000000002ef000-00000000002edfff 0x0004/0x0004 0x0020000
3690.382c: 00000000002f0000-ffffffff8943ffff 0x0001/0x0000 0x0000000
3690.382c: *00000000771a0000-000000007719efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000771a1000-000000007709efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772a3000-0000000077273fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772d2000-00000000772c9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772da000-00000000772d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772db000-00000000772d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772de000-0000000077272fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 0000000077349000-000000006f6b1fff 0x0001/0x0000 0x0000000
3690.382c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3690.382c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3690.382c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3690.382c: 000000007fff0000-ffffffffc033ffff 0x0001/0x0000 0x0000000
3690.382c: *000000013fca0000-000000013fc9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fca1000-000000013fc1cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd25000-000000013fd23fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd26000-000000013fce8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd63000-000000013fd61fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd64000-000000013fd62fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd65000-000000013fd62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd67000-000000013fd65fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd68000-000000013fd66fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd69000-000000013fd64fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd6d000-000000013fd33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fda6000-fffff8038068bfff 0x0001/0x0000 0x0000000
3690.382c: *000007feff4c0000-000007feff4befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\apisetschema.dll
3690.382c: 000007feff4c1000-000007fdfe9e1fff 0x0001/0x0000 0x0000000
3690.382c: *000007fffffa0000-000007fffff6cfff 0x0002/0x0002 0x0040000
3690.382c: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
3690.382c: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
3690.382c: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
3690.382c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3690.382c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3690.382c: apisetschema.dll: timestamp 0x54d04096 (rc=VINF_SUCCESS)
3690.382c: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
3690.382c: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3690.382c: '\Device\HarddiskVolume8\Windows\System32\apisetschema.dll' has no imports
3690.382c: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports
3690.382c: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 cPatchCount=0
3690.382c: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
3690.382c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3690.382c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3690.382c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3690.382c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3690.382c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3690.382c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3690.382c: 0000000000041000-ffffffffffe91fff 0x0001/0x0000 0x0000000
3690.382c: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
3690.382c: 00000000002ec000-00000000002e8fff 0x0104/0x0004 0x0020000
3690.382c: 00000000002ef000-00000000002edfff 0x0004/0x0004 0x0020000
3690.382c: 00000000002f0000-ffffffff8943ffff 0x0001/0x0000 0x0000000
3690.382c: *00000000771a0000-000000007719efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000771a1000-000000007709efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772a3000-0000000077273fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772d2000-00000000772c9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772da000-00000000772d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772db000-00000000772d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772dc000-00000000772d9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 00000000772de000-0000000077272fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3690.382c: 0000000077349000-000000006f6b1fff 0x0001/0x0000 0x0000000
3690.382c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3690.382c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3690.382c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3690.382c: 000000007fff0000-ffffffffc033ffff 0x0001/0x0000 0x0000000
3690.382c: *000000013fca0000-000000013fc9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fca1000-000000013fc1cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd25000-000000013fd23fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd26000-000000013fce8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd63000-000000013fd58fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fd6d000-000000013fd33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
3690.382c: 000000013fda6000-fffff8038068bfff 0x0001/0x0000 0x0000000
3690.382c: *000007feff4c0000-000007feff4befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\apisetschema.dll
3690.382c: 000007feff4c1000-000007fdfe9e1fff 0x0001/0x0000 0x0000000
3690.382c: *000007fffffa0000-000007fffff6cfff 0x0002/0x0002 0x0040000
3690.382c: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
3690.382c: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
3690.382c: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
3690.382c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3690.382c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3690.382c: supR3HardNtChildPurify: Done after 807 ms and 1 fixes (loop #1).
3690.382c: supR3HardNtEnableThreadCreation:
27f8.28a8: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
27f8.28a8: supR3HardenedVmProcessInit: uNtDllAddr=00000000771a0000
27f8.28a8: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
27f8.28a8: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
27f8.28a8: System32: \Device\HarddiskVolume8\Windows\System32
27f8.28a8: WinSxS: \Device\HarddiskVolume8\Windows\winsxs
27f8.28a8: KnownDllPath: C:\windows\system32
27f8.28a8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
27f8.28a8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
27f8.28a8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
27f8.28a8: Registered Dll notification callback with NTDLL.
27f8.28a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\kernel32.dll)
27f8.28a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\kernel32.dll
27f8.28a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
27f8.28a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
27f8.28a8: supR3HardenedDllNotificationCallback: load 0000000076f80000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
27f8.28a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
27f8.28a8: supR3HardenedDllNotificationCallback: load 000007fefd2a0000 LB 0x0006c000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
27f8.28a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\KernelBase.dll)
27f8.28a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
27f8.28a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f80000 'C:\windows\system32\kernel32.dll'
3690.382c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1487 ms, CloseEvents);