Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Facund
Posts: 2
Joined: 6. Oct 2016, 13:49

Re: Discussion of Problems due to Hardened Security

Post by Facund »

Hello,

1) Host OS and version = Windows 10 Pro Version 1511 64 bits
2) VBoxHardening.log = I have attached it.
3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc. which might be relevant. = The company uses "Trend Micro OfficeScan"
4) VBox version = I have tested with 5.1.6 and 5.1.7 r111038 (Qt5.5.1)

The error message is:
Error_VirtualBox.png
The VBoxHardening.log shows:

[rc=-5645] Too many virtual memory regions.
2adc.2bbc: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
2adc.2bbc: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000df0000 LB 0x10000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
VBoxHardening.zip
Is there a solution for this issue?

Thanks.
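A triage pass over VBoxHardening.log lines like the ones quoted in this thread, as an added example (not part of any post and not VirtualBox code): it groups entries by their pid.tid prefix and pulls out the failing status codes, the purification result and the respawn chain. The function names and the two-entry NTSTATUS table are this example's own.

```python
import re

# Lines copied from the two VBoxHardening.log excerpts quoted in this thread,
# concatenated here only so the parser has realistic input.
SAMPLE_LOG = r"""
[rc=-5645] Too many virtual memory regions.
2adc.2bbc: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
2adc.2bbc: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000df0000 LB 0x10000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
1ed4.15bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1ed4.15bc: supR3HardenedWinFindAdversaries: 0x0
1ed4.15bc: supR3HardenedWinDoReSpawn(1): New child 1e38.1638 [kernel32].
1ed4.15bc: supR3HardNtChildPurify: Done after 294 ms and 0 fixes (loop #0).
1e38.1638: supR3HardenedWinDoReSpawn(2): New child c34.1e54 [kernel32].
"""

# Every regular entry starts with "<pid>.<tid>: " in lowercase hex.
LINE_RE = re.compile(r"^(?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+): (?P<msg>.*)$")
ERROR_RE = re.compile(r"Error (-\d+) in (\w+)!")
RCNT_RE = re.compile(r"rcNt=(0x[0-9a-fA-F]+)")  # does not match rcNtResolve=
FAILED_ON_RE = re.compile(r"failed on .*: (0x[0-9a-fA-F]+)$")
ADVERSARY_RE = re.compile(r"supR3HardenedWinFindAdversaries: (0x[0-9a-fA-F]+)")
PURIFY_RE = re.compile(r"supR3HardNtChildPurify: Done after \d+ ms and (\d+) fixes")
RESPAWN_RE = re.compile(
    r"supR3HardenedWinDoReSpawn\((\d+)\): New child ([0-9a-f]+)\.[0-9a-f]+")

# Only the two NTSTATUS values that appear in the quoted lines.
NTSTATUS_NAMES = {
    0xC0000018: "STATUS_CONFLICTING_ADDRESSES",
    0xC0000022: "STATUS_ACCESS_DENIED",
}


def to_u32(rc):
    """Unsigned 32-bit form of a negative rc, as the log prints it in hex."""
    return rc & 0xFFFFFFFF


def triage(text):
    """Collect the entries a reader looks for first in a hardening log."""
    report = {"unprefixed": [], "errors": [], "ntstatus": [],
              "adversaries": {}, "purify_fixes": {}, "respawns": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Text without a pid.tid prefix, e.g. the "[rc=...]" summary line.
            report["unprefixed"].append(line)
            continue
        pid, msg = m["pid"], m["msg"]

        err = ERROR_RE.search(msg)
        if err:
            report["errors"].append((pid, int(err.group(1)), err.group(2)))

        # Keep only NTSTATUS values with error severity (top two bits set),
        # so "rcNt=0x0" success lines are ignored.
        for code in RCNT_RE.findall(msg) + FAILED_ON_RE.findall(msg):
            value = int(code, 16)
            if value >> 30 == 3:
                name = NTSTATUS_NAMES.get(value, "unknown")
                report["ntstatus"].append((pid, value, name))

        adv = ADVERSARY_RE.search(msg)
        if adv:
            # Value exactly as logged; this example does not decode the bits.
            report["adversaries"][pid] = int(adv.group(1), 16)

        fixes = PURIFY_RE.search(msg)
        if fixes:
            report["purify_fixes"][pid] = int(fixes.group(1))

        child = RESPAWN_RE.search(msg)
        if child:
            report["respawns"].append((pid, int(child.group(1)), child.group(2)))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for pid, rc, func in result["errors"]:
        print(f"{pid}: rc={rc} (0x{to_u32(rc):08x}) in {func}")
    for pid, value, name in result["ntstatus"]:
        print(f"{pid}: NTSTATUS 0x{value:08x} {name}")
    for parent, n, child in result["respawns"]:
        print(f"respawn #{n}: {parent} -> {child}")
```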
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Discussion of Problems due to Hardened Security

Post by socratis »

@Facund
I don't even have to look at the VBoxHardening.log to see what's going on. Apparently the developers have already identified the culprit; your antivirus. Read the last sentence of the message:
You will only see this message if you got potentially fatally buggy anti-virus software installed.
A usual (not always) solution is to disable "real-time scanning", or something along these lines. And complain to them to stop messing with other people's processes, or if they do, to sign their applications.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Facund
Posts: 2
Joined: 6. Oct 2016, 13:49

Re: Discussion of Problems due to Hardened Security

Post by Facund »

Thanks for your answer Socratis.

I understand your suggestion (disable real-time scanning), but the PC where I am working is a PC from the office, so I can't disable the antivirus.

Is there another way?

Thanks again.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Discussion of Problems due to Hardened Security

Post by socratis »

Yes, I suggested it in the last part of my answer. Talk to TrendMicro. If they don't sign their app, they don't get to access VirtualBox's process. Period. The ball is in their court.
kruuth
Posts: 1
Joined: 19. Oct 2016, 20:13

Re: Discussion of Problems due to Hardened Security

Post by kruuth »

Good day everyone. I seem to be having a similar problem with VirtualBox giving the 80004005 error. I'm not running McAfee and I'm not sure what I should do in order to get this to work. Right now I have my configuration running where the OS of my host is on an SSD, and I have a large RAID for everything, including the disk image file. This is under Windows 7 64-bit and I'm attempting to launch Ubuntu Linux. Any assistance would be greatly appreciated.
Attachments
VBoxHardening.zip
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Discussion of Problems due to Hardened Security

Post by socratis »

kruuth wrote: I'm not running McAfee and I'm not sure what I should do in order to get this to work.
But you're running Avast and MalwareBytes. See if there is a real-time scanning feature and disable it. If it doesn't work, uninstall them completely, don't just disable them. If it works, have a chat with your antivirus providers.
blic
Posts: 5
Joined: 20. Oct 2016, 14:40

Re: Discussion of Problems due to Hardened Security

Post by blic »

Hi all,

I had to create this account specifically because of this issue. VBox isn't running at all, and I am a first time user. I am almost tearing out my hair in frustration at this point. I use Windows 7 and wanted to preview Windows 10 before I take the leap to upgrade/migrate, whatever. I am kinda feeling left behind in the stone age here. This is my setup:

Host: Windows 7 Ultimate SP1 x64
Guest: Windows 10 Pro x64
VirtualBox: Version 5.1.8

Error Message:


The virtual machine 'Windows 10' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\toshiba\VirtualBox VMs\Windows 10\Logs\VBoxHardening.log'.


Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
VBoxHardeningLog:


1ed4.15bc: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
1ed4.15bc: \SystemRoot\System32\ntdll.dll:
1ed4.15bc:     CreationTime:    2010-11-21T03:23:51.351694200Z
1ed4.15bc:     LastWriteTime:   2010-11-21T03:23:51.367294200Z
1ed4.15bc:     ChangeTime:      2016-07-14T20:02:40.346420000Z
1ed4.15bc:     FileAttributes:  0x20
1ed4.15bc:     Size:            0x1a6d60
1ed4.15bc:     NT Headers:      0xe0
1ed4.15bc:     Timestamp:       0x4ce7c8f9
1ed4.15bc:     Machine:         0x8664 - amd64
1ed4.15bc:     Timestamp:       0x4ce7c8f9
1ed4.15bc:     Image Version:   6.1
1ed4.15bc:     SizeOfImage:     0x1a9000 (1740800)
1ed4.15bc:     Resource Dir:    0x151000 LB 0x560d8
1ed4.15bc:     ProductName:     Microsoft® Windows® Operating System
1ed4.15bc:     ProductVersion:  6.1.7601.17514
1ed4.15bc:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
1ed4.15bc:     FileDescription: NT Layer DLL
1ed4.15bc: \SystemRoot\System32\kernel32.dll:
1ed4.15bc:     CreationTime:    2010-11-21T03:24:07.965723400Z
1ed4.15bc:     LastWriteTime:   2010-11-21T03:24:07.981323400Z
1ed4.15bc:     ChangeTime:      2016-07-14T20:02:15.869977000Z
1ed4.15bc:     FileAttributes:  0x20
1ed4.15bc:     Size:            0x11b800
1ed4.15bc:     NT Headers:      0xe8
1ed4.15bc:     Timestamp:       0x4ce7c78b
1ed4.15bc:     Machine:         0x8664 - amd64
1ed4.15bc:     Timestamp:       0x4ce7c78b
1ed4.15bc:     Image Version:   6.1
1ed4.15bc:     SizeOfImage:     0x11f000 (1175552)
1ed4.15bc:     Resource Dir:    0x116000 LB 0x528
1ed4.15bc:     ProductName:     Microsoft® Windows® Operating System
1ed4.15bc:     ProductVersion:  6.1.7601.17514
1ed4.15bc:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
1ed4.15bc:     FileDescription: Windows NT BASE API Client DLL
1ed4.15bc: \SystemRoot\System32\KernelBase.dll:
1ed4.15bc:     CreationTime:    2010-11-21T03:24:26.217755400Z
1ed4.15bc:     LastWriteTime:   2010-11-21T03:24:26.248955500Z
1ed4.15bc:     ChangeTime:      2016-07-14T20:02:15.901177000Z
1ed4.15bc:     FileAttributes:  0x20
1ed4.15bc:     Size:            0x66800
1ed4.15bc:     NT Headers:      0xf0
1ed4.15bc:     Timestamp:       0x4ce7c78c
1ed4.15bc:     Machine:         0x8664 - amd64
1ed4.15bc:     Timestamp:       0x4ce7c78c
1ed4.15bc:     Image Version:   6.1
1ed4.15bc:     SizeOfImage:     0x6b000 (438272)
1ed4.15bc:     Resource Dir:    0x69000 LB 0x530
1ed4.15bc:     ProductName:     Microsoft® Windows® Operating System
1ed4.15bc:     ProductVersion:  6.1.7601.17514
1ed4.15bc:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
1ed4.15bc:     FileDescription: Windows NT BASE API Client DLL
1ed4.15bc: \SystemRoot\System32\apisetschema.dll:
1ed4.15bc:     CreationTime:    2009-07-13T23:18:54.866423200Z
1ed4.15bc:     LastWriteTime:   2009-07-14T01:24:53.779000000Z
1ed4.15bc:     ChangeTime:      2016-07-14T20:01:55.558741300Z
1ed4.15bc:     FileAttributes:  0x20
1ed4.15bc:     Size:            0x1a00
1ed4.15bc:     NT Headers:      0xc0
1ed4.15bc:     Timestamp:       0x4a5bdeab
1ed4.15bc:     Machine:         0x8664 - amd64
1ed4.15bc:     Timestamp:       0x4a5bdeab
1ed4.15bc:     Image Version:   6.1
1ed4.15bc:     SizeOfImage:     0x50000 (327680)
1ed4.15bc:     Resource Dir:    0x30000 LB 0x3f0
1ed4.15bc:     ProductName:     Microsoft® Windows® Operating System
1ed4.15bc:     ProductVersion:  6.1.7600.16385
1ed4.15bc:     FileVersion:     6.1.7600.16385 (win7_rtm.090713-1255)
1ed4.15bc:     FileDescription: ApiSet Schema DLL
1ed4.15bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1ed4.15bc: supR3HardenedWinFindAdversaries: 0x0
1ed4.15bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1ed4.15bc: Calling main()
1ed4.15bc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1ed4.15bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1ed4.15bc: SUPR3HardenedMain: Respawn #1
1ed4.15bc: System32:  \Device\HarddiskVolume2\Windows\System32
1ed4.15bc: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
1ed4.15bc: KnownDllPath: C:\Windows\system32
1ed4.15bc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1ed4.15bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1ed4.15bc: supR3HardNtEnableThreadCreation:
1ed4.15bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007715c320 pvNtTerminateThread=0000000077181840
1ed4.15bc: supR3HardenedWinDoReSpawn(1): New child 1e38.1638 [kernel32].
1ed4.15bc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdc000 cbPeb=0x380
1ed4.15bc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077130000 uNtDllChildAddr=0000000077130000
1ed4.15bc: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007715c320
1ed4.15bc: supR3HardenedWinSetupChildInit: Start child.
1ed4.15bc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 3 ms.
1ed4.15bc: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 32 sleeps
1ed4.15bc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1ed4.15bc:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1ed4.15bc:  *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1ed4.15bc:  *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1ed4.15bc:   0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1ed4.15bc:  *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1ed4.15bc:   0000000000041000-fffffffffff31fff 0x0001/0x0000 0x0000000
1ed4.15bc:  *0000000000150000-0000000000053fff 0x0000/0x0004 0x0020000
1ed4.15bc:   000000000024c000-0000000000249fff 0x0104/0x0004 0x0020000
1ed4.15bc:   000000000024e000-000000000024bfff 0x0004/0x0004 0x0020000
1ed4.15bc:   0000000000250000-ffffffff8936ffff 0x0001/0x0000 0x0000000
1ed4.15bc:  *0000000077130000-0000000077130fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1ed4.15bc:   0000000077131000-0000000077232fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1ed4.15bc:   0000000077233000-0000000077261fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1ed4.15bc:   0000000077262000-000000007726dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1ed4.15bc:   000000007726e000-00000000772d8fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1ed4.15bc:   00000000772d9000-000000006f5d1fff 0x0001/0x0000 0x0000000
1ed4.15bc:  *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1ed4.15bc:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1ed4.15bc:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1ed4.15bc:   000000007fff0000-ffffffffc098ffff 0x0001/0x0000 0x0000000
1ed4.15bc:  *000000013f650000-000000013f650fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f651000-000000013f6bffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f6c0000-000000013f6c0fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f6c1000-000000013f705fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f706000-000000013f706fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f707000-000000013f707fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f708000-000000013f70cfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f70d000-000000013f70dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f70e000-000000013f70efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f70f000-000000013f712fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f713000-000000013f75afff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1ed4.15bc:   000000013f75b000-fffff8037fa65fff 0x0001/0x0000 0x0000000
1ed4.15bc:  *000007feff450000-000007feff450fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1ed4.15bc:   000007feff451000-000007fdfe8f1fff 0x0001/0x0000 0x0000000
1ed4.15bc:  *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1ed4.15bc:   000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
1ed4.15bc:  *000007fffffdc000-000007fffffdafff 0x0004/0x0004 0x0020000
1ed4.15bc:   000007fffffdd000-000007fffffdbfff 0x0001/0x0000 0x0000000
1ed4.15bc:  *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1ed4.15bc:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1ed4.15bc: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
1ed4.15bc: VirtualBox.exe: timestamp 0x58062715 (rc=VINF_SUCCESS)
1ed4.15bc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1ed4.15bc: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1ed4.15bc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1ed4.15bc: supR3HardNtChildPurify: Done after 294 ms and 0 fixes (loop #0).
1e38.1638: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1e38.1638: supR3HardenedVmProcessInit: uNtDllAddr=0000000077130000 g_uNtVerCombined=0x611db100
1ed4.15bc: supR3HardNtEnableThreadCreation:
1e38.1638: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
1e38.1638: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
1e38.1638: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1e38.1638: System32:  \Device\HarddiskVolume2\Windows\System32
1e38.1638: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
1e38.1638: KnownDllPath: C:\Windows\system32
1e38.1638: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1e38.1638: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1e38.1638: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1e38.1638: Registered Dll notification callback with NTDLL.
1e38.1638: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1e38.1638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1e38.1638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1e38.1638: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e38.1638: supR3HardenedDllNotificationCallback: load   0000000077010000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1e38.1638: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1e38.1638: supR3HardenedDllNotificationCallback: load   000007fefd130000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1e38.1638: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1e38.1638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1e38.1638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077010000 'C:\Windows\system32\kernel32.dll'
1e38.1638: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007715c320 pvNtTerminateThread=0000000077181840
1e38.1638: \SystemRoot\System32\ntdll.dll:
1e38.1638:     CreationTime:    2010-11-21T03:23:51.351694200Z
1e38.1638:     LastWriteTime:   2010-11-21T03:23:51.367294200Z
1e38.1638:     ChangeTime:      2016-07-14T20:02:40.346420000Z
1e38.1638:     FileAttributes:  0x20
1e38.1638:     Size:            0x1a6d60
1e38.1638:     NT Headers:      0xe0
1e38.1638:     Timestamp:       0x4ce7c8f9
1e38.1638:     Machine:         0x8664 - amd64
1e38.1638:     Timestamp:       0x4ce7c8f9
1e38.1638:     Image Version:   6.1
1e38.1638:     SizeOfImage:     0x1a9000 (1740800)
1e38.1638:     Resource Dir:    0x151000 LB 0x560d8
1e38.1638:     ProductName:     Microsoft® Windows® Operating System
1e38.1638:     ProductVersion:  6.1.7601.17514
1e38.1638:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
1e38.1638:     FileDescription: NT Layer DLL
1e38.1638: \SystemRoot\System32\kernel32.dll:
1e38.1638:     CreationTime:    2010-11-21T03:24:07.965723400Z
1e38.1638:     LastWriteTime:   2010-11-21T03:24:07.981323400Z
1e38.1638:     ChangeTime:      2016-07-14T20:02:15.869977000Z
1e38.1638:     FileAttributes:  0x20
1e38.1638:     Size:            0x11b800
1e38.1638:     NT Headers:      0xe8
1e38.1638:     Timestamp:       0x4ce7c78b
1e38.1638:     Machine:         0x8664 - amd64
1e38.1638:     Timestamp:       0x4ce7c78b
1e38.1638:     Image Version:   6.1
1e38.1638:     SizeOfImage:     0x11f000 (1175552)
1e38.1638:     Resource Dir:    0x116000 LB 0x528
1e38.1638:     ProductName:     Microsoft® Windows® Operating System
1e38.1638:     ProductVersion:  6.1.7601.17514
1e38.1638:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
1e38.1638:     FileDescription: Windows NT BASE API Client DLL
1ed4.15bc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 28 ms.
1e38.1638: \SystemRoot\System32\KernelBase.dll:
1e38.1638:     CreationTime:    2010-11-21T03:24:26.217755400Z
1e38.1638:     LastWriteTime:   2010-11-21T03:24:26.248955500Z
1e38.1638:     ChangeTime:      2016-07-14T20:02:15.901177000Z
1e38.1638:     FileAttributes:  0x20
1e38.1638:     Size:            0x66800
1e38.1638:     NT Headers:      0xf0
1e38.1638:     Timestamp:       0x4ce7c78c
1e38.1638:     Machine:         0x8664 - amd64
1e38.1638:     Timestamp:       0x4ce7c78c
1e38.1638:     Image Version:   6.1
1e38.1638:     SizeOfImage:     0x6b000 (438272)
1e38.1638:     Resource Dir:    0x69000 LB 0x530
1e38.1638:     ProductName:     Microsoft® Windows® Operating System
1e38.1638:     ProductVersion:  6.1.7601.17514
1e38.1638:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
1e38.1638:     FileDescription: Windows NT BASE API Client DLL
1e38.1638: \SystemRoot\System32\apisetschema.dll:
1e38.1638:     CreationTime:    2009-07-13T23:18:54.866423200Z
1e38.1638:     LastWriteTime:   2009-07-14T01:24:53.779000000Z
1e38.1638:     ChangeTime:      2016-07-14T20:01:55.558741300Z
1e38.1638:     FileAttributes:  0x20
1e38.1638:     Size:            0x1a00
1e38.1638:     NT Headers:      0xc0
1e38.1638:     Timestamp:       0x4a5bdeab
1e38.1638:     Machine:         0x8664 - amd64
1e38.1638:     Timestamp:       0x4a5bdeab
1e38.1638:     Image Version:   6.1
1e38.1638:     SizeOfImage:     0x50000 (327680)
1e38.1638:     Resource Dir:    0x30000 LB 0x3f0
1e38.1638:     ProductName:     Microsoft® Windows® Operating System
1e38.1638:     ProductVersion:  6.1.7600.16385
1e38.1638:     FileVersion:     6.1.7600.16385 (win7_rtm.090713-1255)
1e38.1638:     FileDescription: ApiSet Schema DLL
1e38.1638: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1e38.1638: supR3HardenedWinFindAdversaries: 0x0
1e38.1638: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1e38.1638: Calling main()
1e38.1638: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1e38.1638: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1e38.1638: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e38.1638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e38.1638: SUPR3HardenedMain: Respawn #2
1e38.1638: supR3HardNtEnableThreadCreation:
1e38.1638: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
1e38.1638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1e38.1638: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1e38.1638: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
1e38.1638: supR3HardenedDllNotificationCallback: load   000007fefcf50000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
1e38.1638: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
1e38.1638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\apphelp.dll'
1e38.1638: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007715c320 pvNtTerminateThread=0000000077181840
1e38.1638: supR3HardenedWinDoReSpawn(2): New child c34.1e54 [kernel32].
1e38.1638: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
1e38.1638: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077130000 uNtDllChildAddr=0000000077130000
1e38.1638: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007715c320
1e38.1638: supR3HardenedWinSetupChildInit: Start child.
1e38.1638: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 3 ms.
1e38.1638: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 32 sleeps
1e38.1638: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1e38.1638:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1e38.1638:  *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1e38.1638:  *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1e38.1638:   0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1e38.1638:  *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1e38.1638:   0000000000041000-fffffffffffa1fff 0x0001/0x0000 0x0000000
1e38.1638:  *00000000000e0000-fffffffffffe3fff 0x0000/0x0004 0x0020000
1e38.1638:   00000000001dc000-00000000001d9fff 0x0104/0x0004 0x0020000
1e38.1638:   00000000001de000-00000000001dbfff 0x0004/0x0004 0x0020000
1e38.1638:   00000000001e0000-ffffffff8928ffff 0x0001/0x0000 0x0000000
1e38.1638:  *0000000077130000-0000000077130fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1e38.1638:   0000000077131000-0000000077232fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1e38.1638:   0000000077233000-0000000077261fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1e38.1638:   0000000077262000-000000007726dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1e38.1638:   000000007726e000-00000000772d8fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1e38.1638:   00000000772d9000-000000006f5d1fff 0x0001/0x0000 0x0000000
1e38.1638:  *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1e38.1638:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1e38.1638:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1e38.1638:   000000007fff0000-ffffffffc098ffff 0x0001/0x0000 0x0000000
1e38.1638:  *000000013f650000-000000013f650fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f651000-000000013f6bffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f6c0000-000000013f6c0fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f6c1000-000000013f705fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f706000-000000013f706fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f707000-000000013f707fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f708000-000000013f70cfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f70d000-000000013f70dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f70e000-000000013f70efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f70f000-000000013f712fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f713000-000000013f75afff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e38.1638:   000000013f75b000-fffff8037fa65fff 0x0001/0x0000 0x0000000
1e38.1638:  *000007feff450000-000007feff450fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1e38.1638:   000007feff451000-000007fdfe8f1fff 0x0001/0x0000 0x0000000
1e38.1638:  *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1e38.1638:   000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
1e38.1638:  *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
1e38.1638:   000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
1e38.1638:  *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1e38.1638:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1e38.1638: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
1e38.1638: VirtualBox.exe: timestamp 0x58062715 (rc=VINF_SUCCESS)
1e38.1638: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e38.1638: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1e38.1638: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1e38.1638: supR3HardNtChildPurify: Done after 299 ms and 0 fixes (loop #0).
c34.1e54: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
c34.1e54: supR3HardenedVmProcessInit: uNtDllAddr=0000000077130000 g_uNtVerCombined=0x611db100
c34.1e54: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
c34.1e54: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1740800 allocation)
c34.1e54: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
c34.1e54: System32:  \Device\HarddiskVolume2\Windows\System32
c34.1e54: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
c34.1e54: KnownDllPath: C:\Windows\system32
c34.1e54: supR3HardenedVmProcessInit: Opening vboxdrv...
1e38.1638: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
1e38.1638: supR3HardNtEnableThreadCreation:
c34.1e54: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
c34.1e54: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
c34.1e54: Registered Dll notification callback with NTDLL.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   0000000077010000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefd130000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077010000 'C:\Windows\system32\kernel32.dll'
c34.1e54: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007715c320 pvNtTerminateThread=0000000077181840
1e38.1638: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 2 ms.
c34.1e54: \SystemRoot\System32\ntdll.dll:
c34.1e54:     CreationTime:    2010-11-21T03:23:51.351694200Z
c34.1e54:     LastWriteTime:   2010-11-21T03:23:51.367294200Z
c34.1e54:     ChangeTime:      2016-07-14T20:02:40.346420000Z
c34.1e54:     FileAttributes:  0x20
c34.1e54:     Size:            0x1a6d60
c34.1e54:     NT Headers:      0xe0
c34.1e54:     Timestamp:       0x4ce7c8f9
c34.1e54:     Machine:         0x8664 - amd64
c34.1e54:     Timestamp:       0x4ce7c8f9
c34.1e54:     Image Version:   6.1
c34.1e54:     SizeOfImage:     0x1a9000 (1740800)
c34.1e54:     Resource Dir:    0x151000 LB 0x560d8
c34.1e54:     ProductName:     Microsoft® Windows® Operating System
c34.1e54:     ProductVersion:  6.1.7601.17514
c34.1e54:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
c34.1e54:     FileDescription: NT Layer DLL
c34.1e54: \SystemRoot\System32\kernel32.dll:
c34.1e54:     CreationTime:    2010-11-21T03:24:07.965723400Z
c34.1e54:     LastWriteTime:   2010-11-21T03:24:07.981323400Z
c34.1e54:     ChangeTime:      2016-07-14T20:02:15.869977000Z
c34.1e54:     FileAttributes:  0x20
c34.1e54:     Size:            0x11b800
c34.1e54:     NT Headers:      0xe8
c34.1e54:     Timestamp:       0x4ce7c78b
c34.1e54:     Machine:         0x8664 - amd64
c34.1e54:     Timestamp:       0x4ce7c78b
c34.1e54:     Image Version:   6.1
c34.1e54:     SizeOfImage:     0x11f000 (1175552)
c34.1e54:     Resource Dir:    0x116000 LB 0x528
c34.1e54:     ProductName:     Microsoft® Windows® Operating System
c34.1e54:     ProductVersion:  6.1.7601.17514
c34.1e54:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
c34.1e54:     FileDescription: Windows NT BASE API Client DLL
c34.1e54: \SystemRoot\System32\KernelBase.dll:
c34.1e54:     CreationTime:    2010-11-21T03:24:26.217755400Z
c34.1e54:     LastWriteTime:   2010-11-21T03:24:26.248955500Z
c34.1e54:     ChangeTime:      2016-07-14T20:02:15.901177000Z
c34.1e54:     FileAttributes:  0x20
c34.1e54:     Size:            0x66800
c34.1e54:     NT Headers:      0xf0
c34.1e54:     Timestamp:       0x4ce7c78c
c34.1e54:     Machine:         0x8664 - amd64
c34.1e54:     Timestamp:       0x4ce7c78c
c34.1e54:     Image Version:   6.1
c34.1e54:     SizeOfImage:     0x6b000 (438272)
c34.1e54:     Resource Dir:    0x69000 LB 0x530
c34.1e54:     ProductName:     Microsoft® Windows® Operating System
c34.1e54:     ProductVersion:  6.1.7601.17514
c34.1e54:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
c34.1e54:     FileDescription: Windows NT BASE API Client DLL
c34.1e54: \SystemRoot\System32\apisetschema.dll:
c34.1e54:     CreationTime:    2009-07-13T23:18:54.866423200Z
c34.1e54:     LastWriteTime:   2009-07-14T01:24:53.779000000Z
c34.1e54:     ChangeTime:      2016-07-14T20:01:55.558741300Z
c34.1e54:     FileAttributes:  0x20
c34.1e54:     Size:            0x1a00
c34.1e54:     NT Headers:      0xc0
c34.1e54:     Timestamp:       0x4a5bdeab
c34.1e54:     Machine:         0x8664 - amd64
c34.1e54:     Timestamp:       0x4a5bdeab
c34.1e54:     Image Version:   6.1
c34.1e54:     SizeOfImage:     0x50000 (327680)
c34.1e54:     Resource Dir:    0x30000 LB 0x3f0
c34.1e54:     ProductName:     Microsoft® Windows® Operating System
c34.1e54:     ProductVersion:  6.1.7600.16385
c34.1e54:     FileVersion:     6.1.7600.16385 (win7_rtm.090713-1255)
c34.1e54:     FileDescription: ApiSet Schema DLL
c34.1e54: NtOpenDirectoryObject failed on \Driver: 0xc0000022
c34.1e54: supR3HardenedWinFindAdversaries: 0x0
c34.1e54: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
c34.1e54: Calling main()
c34.1e54: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
c34.1e54: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
c34.1e54: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
c34.1e54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
c34.1e54: SUPR3HardenedMain: Final process, opening VBoxDrv...
c34.1e54: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
c34.1e54: supR3HardNtEnableThreadCreation:
c34.1e54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007feed9a0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed9a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed9a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed9a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefd3f0000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefef90000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefd240000 LB 0x00167000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefd120000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefe0a0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3f0000 'C:\Windows\system32\Wintrust.dll'
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefcaa0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcaa0000 'C:\Windows\system32\bcrypt.dll'
c34.1e54: bcrypt.dll loaded at 000007fefcaa0000, BCryptOpenAlgorithmProvider at 000007fefcaa2640, preloading providers:
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefc550000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefdeb0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
c34.1e54: supR3HardenedDllNotificationCallback: load   000007feff0b0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc550000 'C:\Windows\system32\bcryptprimitives.dll'
c34.1e54:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000742a70)
c34.1e54:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000745930)
c34.1e54:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000745a50)
c34.1e54:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000745c60)
c34.1e54:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000745d80)
c34.1e54:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000745ea0)
c34.1e54:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007460f0)
c34.1e54:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000746210)
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefc910000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc910000 'C:\Windows\system32\CRYPTSP.dll'
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefc610000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc610000 'C:\Windows\system32\rsaenh.dll'
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdeb0000 'C:\Windows\system32\ADVAPI32.dll'
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007fefcfb0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\CRYPTBASE.dll'
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077010000 'C:\Windows\system32\kernel32.dll'
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3f0000 'C:\Windows\system32\WINTRUST.DLL'
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\Windows\system32\CRYPT32.dll'
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedDllNotificationCallback: load   000007feff1b0000 LB 0x00017000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1b0000 'C:\Windows\system32\imagehlp.dll'
c34.1e54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin [calling]
c34.1e54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc910000 'C:\Windows\system32\CRYPTSP.dll'
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
c34.1e54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
c34.1e54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
PS: The log had to be truncated due to restriction by the forum.

Thanks in advance.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Discussion of Problems due to Hardened Security

Post by scottgus1 »

Blic, please start a new thread so we can deal with your issue in a fresh place.

And you can zip logs to get them to fit. It will be important to have the whole hardening log, since the error issues will be in several places.

It is very likely you won't have to rip out any more hair... :lol:
blic
Posts: 5
Joined: 20. Oct 2016, 14:40

Re: Discussion of Problems due to Hardened Security

Post by blic »

scottgus1 wrote:Blic, please start a new thread so we can deal with your issue in a fresh place.

And you can zip logs to get them to fit. It will be important to have the whole hardening log, since the error issues will be in several places.

It is very likely you won't have to rip out any more hair... :lol:
:D :D
Thanks for the feedback. The new thread has been created, but apparently I can't post a link yet. But I'm guessing you will be able to locate the new thread. The entire log was compressed into a zip file too, so that should make it easier to help, I hope.
albenik
Posts: 1
Joined: 31. Oct 2016, 17:49

Re: Discussion of Problems due to Hardened Security

Post by albenik »

Unable to run any virtual machine with error:
The virtual machine 'Test' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\valbaev\VirtualBox VMs\Test\Logs\VBoxHardening.log'.
Error code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
Tried all the latest versions of VB, including the test build.
Tried without any antivirus software, with the cryptopro drivers and the bifit signer driver removed.
Tried to run after Kaspersky AV was installed and a full scan was performed with no warnings.
Attachments
VBoxHardening.log
(23.22 KiB) Downloaded 27 times
kutu
Posts: 1
Joined: 3. Nov 2016, 23:02

Re: Discussion of Problems due to Hardened Security

Post by kutu »

1) Win7 SP1 64bit
2) attached VBoxHardening.log from different versions, error always the same, screenshot - puu.sh/s5uWg/6b8b784d72.PNG
3) no anti-viruses, windows default firewall, no protection software, no debugging programs, I have installed cygwin basic console apps + git

I am unable to run old VMs or freshly created ones
Attachments
VBoxHardening.log 5.1.9 111724 test build.zip
(2.68 KiB) Downloaded 25 times
VBoxHardening.log 5.1.8 release.zip
(2.66 KiB) Downloaded 28 times
VBoxHardening.log 5.0.28 release.zip
(2.68 KiB) Downloaded 22 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

You seem to be erroring out at an early stage with an access violation error (0xc0000005). I've only known this to happen when an unsigned DLL gets booted out of the Windows process, though as mentioned it happens surprisingly early in your case, while it is still validating Windows system DLLs.

You may have actual malware or corrupted system DLLs on your system, certainly the fact that multiple VirtualBox versions encounter the same problem seems to speak to that. Make sure all graphics drivers are signed, and if all else fails try running "sfc /scannow" in an admin terminal console.
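
An added illustration, not part of any post in this thread and not VirtualBox code: a small Python triage of a VBoxHardening.log that lists every failure line with its status codes and counts how many image lines were processed before the first failure, which is what "errors in several places" and "surprisingly early" come down to when reading such a log. The sample log is constructed from lines quoted in this thread, and treating the words "Error" and "failed" as failure markers is an assumption.

```python
import re

# Constructed sample, modelled on the VBoxHardening.log lines quoted in this thread.
SAMPLE_LOG = r"""c34.1e54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
c34.1e54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
c34.1e54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
2adc.2bbc: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
2adc.2bbc: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000df0000 LB 0x10000) failed with rcNt=0xc0000018
"""

LINE_RE = re.compile(r"^([0-9a-f]+)\.([0-9a-f]+): (.*)$")   # pid.tid: message
FAIL_RE = re.compile(r"\bError -?\d+|\bfailed\b")            # assumed failure wording
CODE_RE = re.compile(r"\b(rcNt|rc)=(-?(?:0x[0-9a-fA-F]+|\d+))|\bError (-?\d+)")
IMAGE_RE = re.compile(r"\\Device\\\S+\.dll", re.IGNORECASE)
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC0000018: "STATUS_CONFLICTING_ADDRESSES"}

def as_u32(value):
    """Render a signed or hex status string as unsigned 32-bit hex."""
    return "0x%08x" % (int(value, 0) & 0xFFFFFFFF)

def triage(text):
    """Return (failure records, image lines seen before the first failure)."""
    failures, images_before = [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # truncated or continuation line
        pid, tid, msg = m.groups()
        if FAIL_RE.search(msg):
            codes = []
            for c in CODE_RE.finditer(msg):
                u32 = as_u32(c.group(2) or c.group(3))
                codes.append((u32, NTSTATUS.get(int(u32, 16), "")))
            failures.append({"line": lineno, "pid": pid, "tid": tid,
                             "codes": codes, "msg": msg})
        elif not failures and IMAGE_RE.search(msg):
            images_before += 1
    return failures, images_before

if __name__ == "__main__":
    found, images = triage(SAMPLE_LOG)
    print("image lines before first failure:", images)
    for f in found:
        print("line %(line)d [%(pid)s.%(tid)s] %(codes)s %(msg).70s" % f)
```

The same `as_u32` conversion maps the exit code -1073741819 reported in the dialog above to 0xc0000005.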
Everyone
Posts: 1
Joined: 14. Nov 2016, 21:32

Re: Discussion of Problems due to Hardened Security

Post by Everyone »

1. Windows 7 Pro x64, SP1
2. Attached
3. Applications (possibly not tolerated)
  • 4t Tray Minimizer
  • SuRun
  • ObjectDock
Attachments
VBoxHardening 5.1.8 r111374.zip
(14.4 KiB) Downloaded 26 times
zll11111
Posts: 2
Joined: 25. Feb 2016, 16:14

Re: Discussion of Problems due to Hardened Security

Post by zll11111 »

1) Host OS and version = Windows 10 Enterprise Version 64 bits
2) VBoxHardening.log = I have attached it.
3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant. = none except Windows Defender
4) VBox version = 5.0.16 r105871


Is there any solution for this issue?

Thanks.
Attachments
VBoxHardening.zip
(8.47 KiB) Downloaded 26 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

You have a Win10 host and VirtualBox 5.0.16. Windows 10 is a moving target. If you want to keep up then I think you should be using something more recent than VirtualBox 5.0.16. The current VirtualBox release is 5.1.10, so perhaps you could try that.

Otherwise: have you installed some kind of unusual or very obsolete audio development API? There seem to be lots of mentions of problems with audio related DLLs.