Error "Failed to open a session for the virtual machine..."

Discussions related to using VirtualBox on Windows hosts.
jal1234
Posts: 2
Joined: 6. Aug 2015, 18:28

Re: Error "Failed to open a session for the virtual machine.

Post by jal1234 »

mpack wrote:You replaced a Windows system DLL with one from a previous Windows version? That hardly seems like a good idea. OTOH it is probably something you should discuss with Microsoft.
Yeah, but it gives a clue as to what is wrong with Virtualbox compatibility with Windows 10.
donquixote
Posts: 5
Joined: 10. Aug 2015, 05:01

Re: Error "Failed to open a session for the virtual machine.

Post by donquixote »

I have also experienced an issue with windows 10
donquixote
Posts: 5
Joined: 10. Aug 2015, 05:01

Re: Error "Failed to open a session for the virtual machine.

Post by donquixote »

This is what I get:

Fatal error:
supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\imagehlp.dll' / '\??\C:\WINDOWS\system32\imagehlp.dll': 0xc0000190
supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 276 ms, the end);
supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1133 ms, the end);
am5a03
Posts: 1
Joined: 16. Aug 2015, 15:59

Re: Error "Failed to open a session for the virtual machine.

Post by am5a03 »

Brainbuster wrote:Thank you!
Attached is the log file.

Host: Windows 7 Ultimate

AV: Avira free antivirus with real-time protection enabled.
Cool, I encounter this error too after upgrading to Win 10 & Virtualbox 5.0 But I am using Avast. It seems that there's some conflict between VBox and some antivirus software.
Upon checking the log, it's something related to Avast's dll. After uninstalling it, it works :lol:
Attachments
VBoxStartup.log
(17.53 KiB) Downloaded 225 times
Kahn
Posts: 2
Joined: 22. Aug 2015, 23:57

Re: Error "Failed to open a session for the virtual machine.

Post by Kahn »

Hi

after some Windows 10 Updates, my VM XP dont work anymore

and this is my fresh Logfile:

Thanks for any suggestions :(
Best regards
Karsten from Berlin

Code: Select all

d48.1668: Log file opened: 4.3.30r101610 g_hStartupLog=00000074 g_uNtVerCombined=0xa0280000
d48.1668: \SystemRoot\System32\ntdll.dll:
d48.1668:     CreationTime:    2015-08-11T20:21:47.437079400Z
d48.1668:     LastWriteTime:   2015-08-08T06:59:45.320134700Z
d48.1668:     ChangeTime:      2015-08-19T07:36:30.036165800Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0x176c38
d48.1668:     NT Headers:      0xf0
d48.1668:     Timestamp:       0x55c599e6
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x55c599e6
d48.1668:     Image Version:   10.0
d48.1668:     SizeOfImage:     0x179000 (1544192)
d48.1668:     Resource Dir:    0x10e000 LB 0x65718
d48.1668:     ProductName:     Microsoft® Windows® Operating System
d48.1668:     ProductVersion:  10.0.10240.16430
d48.1668:     FileVersion:     10.0.10240.16430 (th1.150807-2049)
d48.1668:     FileDescription: NT Layer DLL
d48.1668: \SystemRoot\System32\kernel32.dll:
d48.1668:     CreationTime:    2015-07-10T08:24:38.139724700Z
d48.1668:     LastWriteTime:   2015-07-10T08:24:38.139724700Z
d48.1668:     ChangeTime:      2015-08-09T08:09:28.602495200Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0x986b8
d48.1668:     NT Headers:      0xf8
d48.1668:     Timestamp:       0x559f3b86
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x559f3b86
d48.1668:     Image Version:   10.0
d48.1668:     SizeOfImage:     0x95000 (610304)
d48.1668:     Resource Dir:    0x8f000 LB 0x518
d48.1668:     ProductName:     Microsoft® Windows® Operating System
d48.1668:     ProductVersion:  10.0.10240.16384
d48.1668:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
d48.1668:     FileDescription: Windows NT BASE API Client DLL
d48.1668: \SystemRoot\System32\KernelBase.dll:
d48.1668:     CreationTime:    2015-07-10T08:24:56.031660300Z
d48.1668:     LastWriteTime:   2015-07-10T08:24:56.047288800Z
d48.1668:     ChangeTime:      2015-08-09T08:09:28.821250800Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0x175610
d48.1668:     NT Headers:      0xf0
d48.1668:     Timestamp:       0x559f3b4c
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x559f3b4c
d48.1668:     Image Version:   10.0
d48.1668:     SizeOfImage:     0x177000 (1536000)
d48.1668:     Resource Dir:    0x15b000 LB 0x530
d48.1668:     ProductName:     Microsoft® Windows® Operating System
d48.1668:     ProductVersion:  10.0.10240.16384
d48.1668:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
d48.1668:     FileDescription: Windows NT BASE API Client DLL
d48.1668: \SystemRoot\System32\apisetschema.dll:
d48.1668:     CreationTime:    2015-07-10T08:24:49.281165400Z
d48.1668:     LastWriteTime:   2015-07-10T08:24:49.281165400Z
d48.1668:     ChangeTime:      2015-07-16T22:13:27.222663600Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0x16560
d48.1668:     NT Headers:      0xc8
d48.1668:     Timestamp:       0x559f4063
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x559f4063
d48.1668:     Image Version:   10.0
d48.1668:     SizeOfImage:     0x17000 (94208)
d48.1668:     Resource Dir:    0x16000 LB 0x3f0
d48.1668:     ProductName:     Microsoft® Windows® Operating System
d48.1668:     ProductVersion:  10.0.10240.16384
d48.1668:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
d48.1668:     FileDescription: ApiSet Schema DLL
d48.1668: supR3HardenedWinFindAdversaries: 0x80
d48.1668: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
d48.1668:     CreationTime:    2015-09-02T12:25:45.733204600Z
d48.1668:     LastWriteTime:   2015-09-02T12:27:35.308648300Z
d48.1668:     ChangeTime:      2015-09-02T12:27:35.308648300Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0x180d8
d48.1668:     NT Headers:      0xe0
d48.1668:     Timestamp:       0x552c18fe
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x552c18fe
d48.1668:     Image Version:   6.1
d48.1668:     SizeOfImage:     0x1c000 (114688)
d48.1668:     Resource Dir:    0x1a000 LB 0x3f0
d48.1668:     ProductName:     Malwarebytes Anti-Malware
d48.1668:     ProductVersion:  0.2.22.0
d48.1668:     FileVersion:     0.2.22.0
d48.1668:     FileDescription: Malwarebytes Anti-Malware
d48.1668: \SystemRoot\System32\drivers\mwac.sys:
d48.1668:     CreationTime:    2015-09-02T12:25:23.511841500Z
d48.1668:     LastWriteTime:   2015-06-18T06:41:58.000000000Z
d48.1668:     ChangeTime:      2015-09-02T12:25:23.558716700Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0xcad8
d48.1668:     NT Headers:      0xe8
d48.1668:     Timestamp:       0x53a0f437
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x53a0f437
d48.1668:     Image Version:   6.2
d48.1668:     SizeOfImage:     0xf000 (61440)
d48.1668:     Resource Dir:    0xd000 LB 0x3e0
d48.1668:     ProductName:     Malwarebytes Web Access Control
d48.1668:     ProductVersion:  1.0.6.0
d48.1668:     FileVersion:     1.0.6.0
d48.1668:     FileDescription: Malwarebytes Web Access Control
d48.1668: \SystemRoot\System32\drivers\mbamchameleon.sys:
d48.1668:     CreationTime:    2015-09-02T12:25:23.558716700Z
d48.1668:     LastWriteTime:   2015-06-18T06:41:42.000000000Z
d48.1668:     ChangeTime:      2015-09-02T12:25:23.605591800Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0x172d8
d48.1668:     NT Headers:      0xd0
d48.1668:     Timestamp:       0x554cf747
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x554cf747
d48.1668:     Image Version:   6.1
d48.1668:     SizeOfImage:     0x1b000 (110592)
d48.1668:     Resource Dir:    0x18000 LB 0xbd8
d48.1668:     ProductName:     Malwarebytes Chameleon
d48.1668:     ProductVersion:  1.1.20.0
d48.1668:     FileVersion:     1.1.20.0
d48.1668:     FileDescription: Malwarebytes Chameleon Protection Driver
d48.1668: \SystemRoot\System32\drivers\mbam.sys:
d48.1668:     CreationTime:    2015-09-02T12:25:23.480586800Z
d48.1668:     LastWriteTime:   2015-06-18T06:41:36.000000000Z
d48.1668:     ChangeTime:      2015-09-02T12:25:23.511841500Z
d48.1668:     FileAttributes:  0x20
d48.1668:     Size:            0x5ad8
d48.1668:     NT Headers:      0xd8
d48.1668:     Timestamp:       0x540754db
d48.1668:     Machine:         0x14c - i386
d48.1668:     Timestamp:       0x540754db
d48.1668:     Image Version:   6.1
d48.1668:     SizeOfImage:     0x9000 (36864)
d48.1668:     Resource Dir:    0x7000 LB 0x3d0
d48.1668:     ProductName:     Malwarebytes Anti-Malware
d48.1668:     ProductVersion:  0.1.15.0
d48.1668:     FileVersion:     0.1.15.0
d48.1668:     FileDescription: Malwarebytes Anti-Malware
d48.1668: Calling main()
d48.1668: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
d48.1668: SUPR3HardenedMain: Respawn #1
d48.1668: System32:  \Device\HarddiskVolume2\WINDOWS\System32
d48.1668: WinSxS:    \Device\HarddiskVolume2\WINDOWS\WinSxS
d48.1668: KnownDllPath: C:\WINDOWS\system32
d48.1668: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
d48.1668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
d48.1668: supR3HardNtEnableThreadCreation:
d48.1668: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77712e70 pvNtTerminateThread=77720f10
d48.1668: supR3HardenedWinDoReSpawn(1): New child 274.d78 [kernel32].
d48.1668: supR3HardNtChildGatherData: PebBaseAddress=7f586000 cbPeb=0x250
d48.1668: supR3HardNtPuChFindNtdll: uNtDllParentAddr=776a0000 uNtDllChildAddr=776a0000
d48.1668: supR3HardenedWinSetupChildInit: uLdrInitThunk=77712e70
d48.1668: supR3HardenedWinSetupChildInit: Start child.
d48.1668: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
d48.1668: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 0 sleeps
d48.1668: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
d48.1668:  *00000000-ff3fffff 0x0001/0x0000 0x0000000
d48.1668:  *00c00000-00c00fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00c01000-00c75fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00c76000-00c76fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00c77000-00ca4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00ca5000-00ca5fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00ca6000-00ca6fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00ca7000-00ca7fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00ca8000-00ca8fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00ca9000-00caafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00cab000-00cadfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00cae000-00ce0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d48.1668:   00ce1000-00a51fff 0x0001/0x0000 0x0000000
d48.1668:  *00f70000-00f4ffff 0x0004/0x0004 0x0020000
d48.1668:  *00f90000-00f7bfff 0x0002/0x0002 0x0040000
d48.1668:   00fa4000-00f97fff 0x0001/0x0000 0x0000000
d48.1668:  *00fb0000-00eb2fff 0x0000/0x0004 0x0020000
d48.1668:   010ad000-010aafff 0x0104/0x0004 0x0020000
d48.1668:   010af000-010adfff 0x0004/0x0004 0x0020000
d48.1668:  *010b0000-010abfff 0x0002/0x0002 0x0040000
d48.1668:   010b4000-010a7fff 0x0001/0x0000 0x0000000
d48.1668:  *010c0000-010bdfff 0x0004/0x0004 0x0020000
d48.1668:   010c2000-8aae3fff 0x0001/0x0000 0x0000000
d48.1668:  *776a0000-776a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
d48.1668:   776a1000-777a5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
d48.1668:   777a6000-777aafff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
d48.1668:   777ab000-777abfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
d48.1668:   777ac000-777adfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
d48.1668:   777ae000-77818fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
d48.1668:   77819000-6fad1fff 0x0001/0x0000 0x0000000
d48.1668:  *7f560000-7f53cfff 0x0002/0x0002 0x0040000
d48.1668:   7f583000-7f57ffff 0x0001/0x0000 0x0000000
d48.1668:  *7f586000-7f584fff 0x0004/0x0004 0x0020000
d48.1668:   7f587000-7f57efff 0x0001/0x0000 0x0000000
d48.1668:  *7f58f000-7f58dfff 0x0004/0x0004 0x0020000
d48.1668:   7f590000-7eb3ffff 0x0001/0x0000 0x0000000
d48.1668:  *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
d48.1668:   7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
d48.1668: VirtualBox.exe: timestamp 0x559fad2b (rc=VINF_SUCCESS)
d48.1668: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
d48.1668: '\Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll' has no imports
d48.1668: supR3HardNtChildPurify: Done after 547 ms and 0 fixes (loop #0).
274.d78: Log file opened: 4.3.30r101610 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000
274.d78: supR3HardenedVmProcessInit: uNtDllAddr=776a0000
d48.1668: supR3HardNtEnableThreadCreation:
274.d78: ntdll.dll: timestamp 0x55c599e6 (rc=VINF_SUCCESS)
274.d78: New simple heap: #1 011d0000 LB 0x400000 (for 1544192 allocation)
274.d78: System32:  \Device\HarddiskVolume2\WINDOWS\System32
274.d78: WinSxS:    \Device\HarddiskVolume2\WINDOWS\WinSxS
274.d78: KnownDllPath: C:\WINDOWS\system32
274.d78: supR3HardenedVmProcessInit: Opening vboxdrv stub...
274.d78: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
274.d78: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
274.d78: Registered Dll notification callback with NTDLL.
274.d78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\kernel32.dll)
274.d78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\kernel32.dll
274.d78: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
274.d78: supR3HardenedDllNotificationCallback: load   74960000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
274.d78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\KernelBase.dll)
274.d78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\KernelBase.dll
274.d78: supR3HardenedDllNotificationCallback: load   76ad0000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
274.d78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\kernel32.dll [lacks WinVerifyTrust]
274.d78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76ad0000 'C:\WINDOWS\system32\KERNEL32.DLL'
274.d78: supR3HardenedDllNotificationCallback: load   00c00000 LB 0x000e1000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
274.d78: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
274.d78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
274.d78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77712e70 pvNtTerminateThread=77720f10
d48.1668: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
274.d78: \SystemRoot\System32\ntdll.dll:
274.d78:     CreationTime:    2015-08-11T20:21:47.437079400Z
274.d78:     LastWriteTime:   2015-08-08T06:59:45.320134700Z
274.d78:     ChangeTime:      2015-08-19T07:36:30.036165800Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0x176c38
274.d78:     NT Headers:      0xf0
274.d78:     Timestamp:       0x55c599e6
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x55c599e6
274.d78:     Image Version:   10.0
274.d78:     SizeOfImage:     0x179000 (1544192)
274.d78:     Resource Dir:    0x10e000 LB 0x65718
274.d78:     ProductName:     Microsoft® Windows® Operating System
274.d78:     ProductVersion:  10.0.10240.16430
274.d78:     FileVersion:     10.0.10240.16430 (th1.150807-2049)
274.d78:     FileDescription: NT Layer DLL
274.d78: \SystemRoot\System32\kernel32.dll:
274.d78:     CreationTime:    2015-07-10T08:24:38.139724700Z
274.d78:     LastWriteTime:   2015-07-10T08:24:38.139724700Z
274.d78:     ChangeTime:      2015-08-09T08:09:28.602495200Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0x986b8
274.d78:     NT Headers:      0xf8
274.d78:     Timestamp:       0x559f3b86
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x559f3b86
274.d78:     Image Version:   10.0
274.d78:     SizeOfImage:     0x95000 (610304)
274.d78:     Resource Dir:    0x8f000 LB 0x518
274.d78:     ProductName:     Microsoft® Windows® Operating System
274.d78:     ProductVersion:  10.0.10240.16384
274.d78:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
274.d78:     FileDescription: Windows NT BASE API Client DLL
274.d78: \SystemRoot\System32\KernelBase.dll:
274.d78:     CreationTime:    2015-07-10T08:24:56.031660300Z
274.d78:     LastWriteTime:   2015-07-10T08:24:56.047288800Z
274.d78:     ChangeTime:      2015-08-09T08:09:28.821250800Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0x175610
274.d78:     NT Headers:      0xf0
274.d78:     Timestamp:       0x559f3b4c
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x559f3b4c
274.d78:     Image Version:   10.0
274.d78:     SizeOfImage:     0x177000 (1536000)
274.d78:     Resource Dir:    0x15b000 LB 0x530
274.d78:     ProductName:     Microsoft® Windows® Operating System
274.d78:     ProductVersion:  10.0.10240.16384
274.d78:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
274.d78:     FileDescription: Windows NT BASE API Client DLL
274.d78: \SystemRoot\System32\apisetschema.dll:
274.d78:     CreationTime:    2015-07-10T08:24:49.281165400Z
274.d78:     LastWriteTime:   2015-07-10T08:24:49.281165400Z
274.d78:     ChangeTime:      2015-07-16T22:13:27.222663600Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0x16560
274.d78:     NT Headers:      0xc8
274.d78:     Timestamp:       0x559f4063
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x559f4063
274.d78:     Image Version:   10.0
274.d78:     SizeOfImage:     0x17000 (94208)
274.d78:     Resource Dir:    0x16000 LB 0x3f0
274.d78:     ProductName:     Microsoft® Windows® Operating System
274.d78:     ProductVersion:  10.0.10240.16384
274.d78:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
274.d78:     FileDescription: ApiSet Schema DLL
274.d78: supR3HardenedWinFindAdversaries: 0x80
274.d78: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
274.d78:     CreationTime:    2015-09-02T12:25:45.733204600Z
274.d78:     LastWriteTime:   2015-09-02T12:27:35.308648300Z
274.d78:     ChangeTime:      2015-09-02T12:27:35.308648300Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0x180d8
274.d78:     NT Headers:      0xe0
274.d78:     Timestamp:       0x552c18fe
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x552c18fe
274.d78:     Image Version:   6.1
274.d78:     SizeOfImage:     0x1c000 (114688)
274.d78:     Resource Dir:    0x1a000 LB 0x3f0
274.d78:     ProductName:     Malwarebytes Anti-Malware
274.d78:     ProductVersion:  0.2.22.0
274.d78:     FileVersion:     0.2.22.0
274.d78:     FileDescription: Malwarebytes Anti-Malware
274.d78: \SystemRoot\System32\drivers\mwac.sys:
274.d78:     CreationTime:    2015-09-02T12:25:23.511841500Z
274.d78:     LastWriteTime:   2015-06-18T06:41:58.000000000Z
274.d78:     ChangeTime:      2015-09-02T12:25:23.558716700Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0xcad8
274.d78:     NT Headers:      0xe8
274.d78:     Timestamp:       0x53a0f437
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x53a0f437
274.d78:     Image Version:   6.2
274.d78:     SizeOfImage:     0xf000 (61440)
274.d78:     Resource Dir:    0xd000 LB 0x3e0
274.d78:     ProductName:     Malwarebytes Web Access Control
274.d78:     ProductVersion:  1.0.6.0
274.d78:     FileVersion:     1.0.6.0
274.d78:     FileDescription: Malwarebytes Web Access Control
274.d78: \SystemRoot\System32\drivers\mbamchameleon.sys:
274.d78:     CreationTime:    2015-09-02T12:25:23.558716700Z
274.d78:     LastWriteTime:   2015-06-18T06:41:42.000000000Z
274.d78:     ChangeTime:      2015-09-02T12:25:23.605591800Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0x172d8
274.d78:     NT Headers:      0xd0
274.d78:     Timestamp:       0x554cf747
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x554cf747
274.d78:     Image Version:   6.1
274.d78:     SizeOfImage:     0x1b000 (110592)
274.d78:     Resource Dir:    0x18000 LB 0xbd8
274.d78:     ProductName:     Malwarebytes Chameleon
274.d78:     ProductVersion:  1.1.20.0
274.d78:     FileVersion:     1.1.20.0
274.d78:     FileDescription: Malwarebytes Chameleon Protection Driver
274.d78: \SystemRoot\System32\drivers\mbam.sys:
274.d78:     CreationTime:    2015-09-02T12:25:23.480586800Z
274.d78:     LastWriteTime:   2015-06-18T06:41:36.000000000Z
274.d78:     ChangeTime:      2015-09-02T12:25:23.511841500Z
274.d78:     FileAttributes:  0x20
274.d78:     Size:            0x5ad8
274.d78:     NT Headers:      0xd8
274.d78:     Timestamp:       0x540754db
274.d78:     Machine:         0x14c - i386
274.d78:     Timestamp:       0x540754db
274.d78:     Image Version:   6.1
274.d78:     SizeOfImage:     0x9000 (36864)
274.d78:     Resource Dir:    0x7000 LB 0x3d0
274.d78:     ProductName:     Malwarebytes Anti-Malware
274.d78:     ProductVersion:  0.1.15.0
274.d78:     FileVersion:     0.1.15.0
274.d78:     FileDescription: Malwarebytes Anti-Malware
274.d78: Calling main()
274.d78: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
274.d78: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
274.d78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
274.d78: SUPR3HardenedMain: Respawn #2
274.d78: supR3HardNtEnableThreadCreation:
274.d78: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\WINDOWS\System32\apphelp.dll)
274.d78: Error (rc=0):
274.d78: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\WINDOWS\System32\apphelp.dll: Not signed.: \Device\HarddiskVolume2\WINDOWS\System32\apphelp.dll
274.d78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\apphelp.dll
274.d78: Error (rc=0):
274.d78: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\apphelp.dll' (C:\WINDOWS\system32\apphelp.dll): rcNt=0xc0000190
274.d78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\apphelp.dll'
274.d78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77712e70 pvNtTerminateThread=77720f10
274.d78: supR3HardenedWinDoReSpawn(2): New child 17c4.1610 [kernel32].
274.d78: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
274.d78: supR3HardNtChildGatherData: PebBaseAddress=7fd87000 cbPeb=0x250
274.d78: supR3HardNtPuChFindNtdll: uNtDllParentAddr=776a0000 uNtDllChildAddr=776a0000
274.d78: supR3HardenedWinSetupChildInit: uLdrInitThunk=77712e70
274.d78: supR3HardenedWinSetupChildInit: Start child.
274.d78: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
274.d78: supR3HardNtChildPurify: Startup delay kludge #1/0: 527 ms, 0 sleeps
274.d78: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
274.d78:  *00000000-ff8effff 0x0001/0x0000 0x0000000
274.d78:  *00710000-006effff 0x0004/0x0004 0x0020000
274.d78:  *00730000-0071bfff 0x0002/0x0002 0x0040000
274.d78:   00744000-00737fff 0x0001/0x0000 0x0000000
274.d78:  *00750000-00652fff 0x0000/0x0004 0x0020000
274.d78:   0084d000-0084afff 0x0104/0x0004 0x0020000
274.d78:   0084f000-0084dfff 0x0004/0x0004 0x0020000
274.d78:  *00850000-0084bfff 0x0002/0x0002 0x0040000
274.d78:   00854000-004a7fff 0x0001/0x0000 0x0000000
274.d78:  *00c00000-00c00fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00c01000-00c75fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00c76000-00c76fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00c77000-00ca4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00ca5000-00ca5fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00ca6000-00ca6fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00ca7000-00ca7fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00ca8000-00ca8fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00ca9000-00caafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00cab000-00cadfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00cae000-00ce0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274.d78:   00ce1000-8a321fff 0x0001/0x0000 0x0000000
274.d78:  *776a0000-776a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
274.d78:   776a1000-777a5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
274.d78:   777a6000-777aafff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
274.d78:   777ab000-777abfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
274.d78:   777ac000-777adfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
274.d78:   777ae000-77818fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll
274.d78:   77819000-6f2d1fff 0x0001/0x0000 0x0000000
274.d78:  *7fd60000-7fd3cfff 0x0002/0x0002 0x0040000
274.d78:   7fd83000-7fd7efff 0x0001/0x0000 0x0000000
274.d78:  *7fd87000-7fd85fff 0x0004/0x0004 0x0020000
274.d78:   7fd88000-7fd80fff 0x0001/0x0000 0x0000000
274.d78:  *7fd8f000-7fd8dfff 0x0004/0x0004 0x0020000
274.d78:   7fd90000-7fb3ffff 0x0001/0x0000 0x0000000
274.d78:  *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
274.d78:   7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
274.d78: VirtualBox.exe: timestamp 0x559fad2b (rc=VINF_SUCCESS)
274.d78: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
274.d78: '\Device\HarddiskVolume2\WINDOWS\System32\ntdll.dll' has no imports
274.d78: supR3HardNtChildPurify: Done after 558 ms and 0 fixes (loop #0).
17c4.1610: Log file opened: 4.3.30r101610 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000
17c4.1610: supR3HardenedVmProcessInit: uNtDllAddr=776a0000
17c4.1610: ntdll.dll: timestamp 0x55c599e6 (rc=VINF_SUCCESS)
17c4.1610: New simple heap: #1 00cf0000 LB 0x400000 (for 1544192 allocation)
274.d78: supR3HardenedEarlyCompact: Removed heap 1 (0x11d0000 LB 0x400000)
274.d78: supR3HardNtEnableThreadCreation:
17c4.1610: System32:  \Device\HarddiskVolume2\WINDOWS\System32
17c4.1610: WinSxS:    \Device\HarddiskVolume2\WINDOWS\WinSxS
17c4.1610: KnownDllPath: C:\WINDOWS\system32
17c4.1610: supR3HardenedVmProcessInit: Opening vboxdrv...
17c4.1610: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
17c4.1610: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
17c4.1610: Registered Dll notification callback with NTDLL.
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\kernel32.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\kernel32.dll
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
17c4.1610: supR3HardenedDllNotificationCallback: load   74960000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\KernelBase.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\KernelBase.dll
17c4.1610: supR3HardenedDllNotificationCallback: load   76ad0000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\kernel32.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76ad0000 'C:\WINDOWS\system32\KERNEL32.DLL'
17c4.1610: supR3HardenedDllNotificationCallback: load   00c00000 LB 0x000e1000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
17c4.1610: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
17c4.1610: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77712e70 pvNtTerminateThread=77720f10
274.d78: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 73 ms.
17c4.1610: \SystemRoot\System32\ntdll.dll:
17c4.1610:     CreationTime:    2015-08-11T20:21:47.437079400Z
17c4.1610:     LastWriteTime:   2015-08-08T06:59:45.320134700Z
17c4.1610:     ChangeTime:      2015-08-19T07:36:30.036165800Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0x176c38
17c4.1610:     NT Headers:      0xf0
17c4.1610:     Timestamp:       0x55c599e6
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x55c599e6
17c4.1610:     Image Version:   10.0
17c4.1610:     SizeOfImage:     0x179000 (1544192)
17c4.1610:     Resource Dir:    0x10e000 LB 0x65718
17c4.1610:     ProductName:     Microsoft® Windows® Operating System
17c4.1610:     ProductVersion:  10.0.10240.16430
17c4.1610:     FileVersion:     10.0.10240.16430 (th1.150807-2049)
17c4.1610:     FileDescription: NT Layer DLL
17c4.1610: \SystemRoot\System32\kernel32.dll:
17c4.1610:     CreationTime:    2015-07-10T08:24:38.139724700Z
17c4.1610:     LastWriteTime:   2015-07-10T08:24:38.139724700Z
17c4.1610:     ChangeTime:      2015-08-09T08:09:28.602495200Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0x986b8
17c4.1610:     NT Headers:      0xf8
17c4.1610:     Timestamp:       0x559f3b86
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x559f3b86
17c4.1610:     Image Version:   10.0
17c4.1610:     SizeOfImage:     0x95000 (610304)
17c4.1610:     Resource Dir:    0x8f000 LB 0x518
17c4.1610:     ProductName:     Microsoft® Windows® Operating System
17c4.1610:     ProductVersion:  10.0.10240.16384
17c4.1610:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
17c4.1610:     FileDescription: Windows NT BASE API Client DLL
17c4.1610: \SystemRoot\System32\KernelBase.dll:
17c4.1610:     CreationTime:    2015-07-10T08:24:56.031660300Z
17c4.1610:     LastWriteTime:   2015-07-10T08:24:56.047288800Z
17c4.1610:     ChangeTime:      2015-08-09T08:09:28.821250800Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0x175610
17c4.1610:     NT Headers:      0xf0
17c4.1610:     Timestamp:       0x559f3b4c
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x559f3b4c
17c4.1610:     Image Version:   10.0
17c4.1610:     SizeOfImage:     0x177000 (1536000)
17c4.1610:     Resource Dir:    0x15b000 LB 0x530
17c4.1610:     ProductName:     Microsoft® Windows® Operating System
17c4.1610:     ProductVersion:  10.0.10240.16384
17c4.1610:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
17c4.1610:     FileDescription: Windows NT BASE API Client DLL
17c4.1610: \SystemRoot\System32\apisetschema.dll:
17c4.1610:     CreationTime:    2015-07-10T08:24:49.281165400Z
17c4.1610:     LastWriteTime:   2015-07-10T08:24:49.281165400Z
17c4.1610:     ChangeTime:      2015-07-16T22:13:27.222663600Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0x16560
17c4.1610:     NT Headers:      0xc8
17c4.1610:     Timestamp:       0x559f4063
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x559f4063
17c4.1610:     Image Version:   10.0
17c4.1610:     SizeOfImage:     0x17000 (94208)
17c4.1610:     Resource Dir:    0x16000 LB 0x3f0
17c4.1610:     ProductName:     Microsoft® Windows® Operating System
17c4.1610:     ProductVersion:  10.0.10240.16384
17c4.1610:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
17c4.1610:     FileDescription: ApiSet Schema DLL
17c4.1610: supR3HardenedWinFindAdversaries: 0x80
17c4.1610: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
17c4.1610:     CreationTime:    2015-09-02T12:25:45.733204600Z
17c4.1610:     LastWriteTime:   2015-09-02T12:27:35.308648300Z
17c4.1610:     ChangeTime:      2015-09-02T12:27:35.308648300Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0x180d8
17c4.1610:     NT Headers:      0xe0
17c4.1610:     Timestamp:       0x552c18fe
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x552c18fe
17c4.1610:     Image Version:   6.1
17c4.1610:     SizeOfImage:     0x1c000 (114688)
17c4.1610:     Resource Dir:    0x1a000 LB 0x3f0
17c4.1610:     ProductName:     Malwarebytes Anti-Malware
17c4.1610:     ProductVersion:  0.2.22.0
17c4.1610:     FileVersion:     0.2.22.0
17c4.1610:     FileDescription: Malwarebytes Anti-Malware
17c4.1610: \SystemRoot\System32\drivers\mwac.sys:
17c4.1610:     CreationTime:    2015-09-02T12:25:23.511841500Z
17c4.1610:     LastWriteTime:   2015-06-18T06:41:58.000000000Z
17c4.1610:     ChangeTime:      2015-09-02T12:25:23.558716700Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0xcad8
17c4.1610:     NT Headers:      0xe8
17c4.1610:     Timestamp:       0x53a0f437
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x53a0f437
17c4.1610:     Image Version:   6.2
17c4.1610:     SizeOfImage:     0xf000 (61440)
17c4.1610:     Resource Dir:    0xd000 LB 0x3e0
17c4.1610:     ProductName:     Malwarebytes Web Access Control
17c4.1610:     ProductVersion:  1.0.6.0
17c4.1610:     FileVersion:     1.0.6.0
17c4.1610:     FileDescription: Malwarebytes Web Access Control
17c4.1610: \SystemRoot\System32\drivers\mbamchameleon.sys:
17c4.1610:     CreationTime:    2015-09-02T12:25:23.558716700Z
17c4.1610:     LastWriteTime:   2015-06-18T06:41:42.000000000Z
17c4.1610:     ChangeTime:      2015-09-02T12:25:23.605591800Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0x172d8
17c4.1610:     NT Headers:      0xd0
17c4.1610:     Timestamp:       0x554cf747
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x554cf747
17c4.1610:     Image Version:   6.1
17c4.1610:     SizeOfImage:     0x1b000 (110592)
17c4.1610:     Resource Dir:    0x18000 LB 0xbd8
17c4.1610:     ProductName:     Malwarebytes Chameleon
17c4.1610:     ProductVersion:  1.1.20.0
17c4.1610:     FileVersion:     1.1.20.0
17c4.1610:     FileDescription: Malwarebytes Chameleon Protection Driver
17c4.1610: \SystemRoot\System32\drivers\mbam.sys:
17c4.1610:     CreationTime:    2015-09-02T12:25:23.480586800Z
17c4.1610:     LastWriteTime:   2015-06-18T06:41:36.000000000Z
17c4.1610:     ChangeTime:      2015-09-02T12:25:23.511841500Z
17c4.1610:     FileAttributes:  0x20
17c4.1610:     Size:            0x5ad8
17c4.1610:     NT Headers:      0xd8
17c4.1610:     Timestamp:       0x540754db
17c4.1610:     Machine:         0x14c - i386
17c4.1610:     Timestamp:       0x540754db
17c4.1610:     Image Version:   6.1
17c4.1610:     SizeOfImage:     0x9000 (36864)
17c4.1610:     Resource Dir:    0x7000 LB 0x3d0
17c4.1610:     ProductName:     Malwarebytes Anti-Malware
17c4.1610:     ProductVersion:  0.1.15.0
17c4.1610:     FileVersion:     0.1.15.0
17c4.1610:     FileDescription: Malwarebytes Anti-Malware
17c4.1610: Calling main()
17c4.1610: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
17c4.1610: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17c4.1610: SUPR3HardenedMain: Final process, opening VBoxDrv...
17c4.1610: supR3HardenedEarlyCompact: Removed heap 1 (0xcf0000 LB 0x400000)
17c4.1610: supR3HardNtEnableThreadCreation:
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
17c4.1610: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   6fb60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fb60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fb60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fb60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\rpcrt4.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\rpcrt4.dll
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\crypt32.dll' [rcNtRedir=0xc0150008]
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\crypt32.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\crypt32.dll
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\msasn1.dll' [rcNtRedir=0xc0150008]
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\msasn1.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\msasn1.dll
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\msvcrt.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\msvcrt.dll
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\msasn1.dll' [rcNtRedir=0xc0150008]
17c4.1610: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\msasn1.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17c4.1610: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\msvcrt.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
17c4.1610: supR3HardenedDllNotificationCallback: load   77020000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\msvcrt.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   74800000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\msasn1.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   74b20000 LB 0x00175000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   75640000 LB 0x000c2000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\rpcrt4.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   74910000 LB 0x00042000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\WINDOWS\system32\Wintrust.dll'
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
17c4.1610: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   74410000 LB 0x0001d000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74410000 'C:\WINDOWS\system32\bcrypt.dll'
17c4.1610: bcrypt.dll loaded at 74410000, BCryptOpenAlgorithmProvider at 74415cc0, preloading providers:
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\bcryptprimitives.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\bcryptprimitives.dll
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   74690000 LB 0x00059000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74690000 'C:\WINDOWS\system32\bcryptprimitives.dll'
17c4.1610:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00aa9158)
17c4.1610:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00aa9698)
17c4.1610:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00aa9950)
17c4.1610:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00aa9c08)
17c4.1610:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00aa9ec0)
17c4.1610:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00aaa178)
17c4.1610:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00aaa430)
17c4.1610:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00aaae70)
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\cryptsp.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\cryptsp.dll
17c4.1610: supR3HardenedDllNotificationCallback: load   74210000 LB 0x00013000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\cryptsp.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\rsaenh.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\rsaenh.dll
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
17c4.1610: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
17c4.1610: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedDllNotificationCallback: load   73ef0000 LB 0x0002f000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73ef0000 'C:\WINDOWS\system32\rsaenh.dll'
17c4.1610: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
17c4.1610: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\WINDOWS\System32\cryptbase.dll)
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\cryptbase.dll
17c4.1610: supR3HardenedDllNotificationCallback: load   74340000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\cryptbase.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\kernel32.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
17c4.1610: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\WINDOWS\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
17c4.1610: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76ad0000 'C:\WINDOWS\system32\kernel32.dll'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74910000 'C:\Windows\System32\WINTRUST.DLL'
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000001:<flags> [calling]
17c4.1610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74b20000 'C:\WINDOWS\system32\CRYPT32.dll'
17c4.1610: supR3HardenedDllNotificationCallback: load   76da0000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
17c4.1610: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume2\WINDOWS\System32\imagehlp.dll)
17c4.1610: Error (rc=0):
17c4.1610: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\WINDOWS\System32\imagehlp.dll: 
17c4.1610: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\WINDOWS\System32\imagehlp.dll
17c4.1610: Fatal error:
17c4.1610: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\imagehlp.dll' / '\??\C:\WINDOWS\system32\imagehlp.dll': 0xc0000190
274.d78: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 151 ms, the end);
d48.1668: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 798 ms, the end);

chappidi
Posts: 1
Joined: 4. Sep 2015, 18:15

Re: Error "Failed to open a session for the virtual machine.

Post by chappidi »

Hi,

i got below error:

Failed to open a session for the virtual machine LinuxTestEnvironment.
The virtual machine 'LinuxTestEnvironment' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VitualBox\LinuxTestEnvironment\Logs\VBoxStartup.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

Host machine : windows 7 ultimate Service pack 1
Guest Machine: Ubuntu 15.04

I tried disabling Avira,no luck.But It is working fine for me after uninstalling Avira Antivirus.please make sure to run as administrator while starting Virtual Box

Thanks & regards.
Broneko
Posts: 1
Joined: 9. Oct 2015, 04:17

Re: Error "Failed to open a session for the virtual machine.

Post by Broneko »

Failed to open a session for the virtual machine win7 DLR1.

The virtual machine 'win7 DLR1' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Riley\VirtualBox VMs\win7 DLR1\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}


Windows 10 host
Trying to run Win7 64bit
Windows defender
I have been looking all over the place for help on this. Nothing has worked. Someone give me a push in the right direction lol
Attachments
First error msg
First error msg
Capture.JPG (37.76 KiB) Viewed 23356 times
VBoxHardening.log
(11.05 KiB) Downloaded 124 times
jonesn
Posts: 4
Joined: 10. Dec 2014, 11:10

Re: Error "Failed to open a session for the virtual machine.

Post by jonesn »

Got the same here after upgrading to 5.08 (from 5.06) - though it's possible there'd been windows updates too

3548.b70: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\windows\system32\crypt32.dll' (C:\windows\system32\crypt32.dll): rcNt=0xc0000190
3548.b70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\windows\system32\crypt32.dll'
3548.b70: Fatal error:
3548.b70: Error loading 'crypt32.dll': 1790 [C:\windows\system32\crypt32.dll]

windows 7 x64 (was up to date as of 19 Oct)
jonesn
Posts: 4
Joined: 10. Dec 2014, 11:10

Re: Error "Failed to open a session for the virtual machine.

Post by jonesn »

And fixed for me in 5.0.9 beta build 103580 :-) Phew!
Sara gh
Posts: 1
Joined: 6. Nov 2015, 11:04

Re: Error "Failed to open a session for the virtual machine.

Post by Sara gh »

The virtual machine 'ubuntu' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Sara\VirtualBox VMs\ubuntu\Logs\VBoxHardening.log'.


Code d'erreur :
E_FAIL (0x80004005)
Composant :
MachineWrap
Interface :
IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
VBoxHardening.zip
(17.34 KiB) Downloaded 200 times
paj
Posts: 2
Joined: 11. Nov 2015, 08:48

Re: Error "Failed to open a session for the virtual machine.

Post by paj »

Hi,

Seems to be re-introduced in 5.0.8 and fixed again in 5.0.10(104061) :)
Host: Ubuntu 14.04
Guest: Debian 8.2
ObviouslyGreen
Posts: 1
Joined: 17. Nov 2015, 04:06

Re: Error "Failed to open a session for the virtual machine.

Post by ObviouslyGreen »

I think this has something to do with the extension pack. I'm running Windows 10. I was running 5.08 and upgrading to 5.10.

I got the error after installing the extension pack. I uninstalled VBox, and reinstalled, and it worked again. I think this happened when I upgraded to 5.08 too.

I haven't tried running a VM when upgrading and not installing the extension pack, so I'm not 100% sure, but it's worth looking into.
sudeepk
Posts: 1
Joined: 29. Dec 2015, 16:53

Re: Error "Failed to open a session for the virtual machine.

Post by sudeepk »

Hey,
I too got the same error!
The error is because, either you logged in as a different user than that of your admin account or you had given admin privilege to other user account.
Solution is simple. Just right on oracle VM and select 'Run as Administrator'.
Note :no reinstalling required.
Hope this helps. :D
jonnyparko
Posts: 1
Joined: 5. Feb 2016, 03:42

Re: Error "Failed to open a session for the virtual machine.

Post by jonnyparko »

I believe this error code is pretty general. I got the same error due to Avira AntiVirus...
motecl
Posts: 2
Joined: 1. Oct 2016, 08:41

Re: Error "Failed to open a session for the virtual machine..."

Post by motecl »

help I got this problem
Fallo al abrir una sesión para la máquina virtual RHEL-RED.

The virtual machine 'RHEL-RED' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Moises\VirtualBox VMs\RHEL-RED\Logs\VBoxHardening.log'.

Código Resultado: E_FAIL (0x80004005)
Componente: MachineWrap
Interfaz: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
Please help guys need practice with RedHat :C
Attachments
VBoxHardening.rar
(15.4 KiB) Downloaded 142 times
Locked