supR3HardenedWinReSpawn error

Discussions related to using VirtualBox on Windows hosts.
Bentley
Posts: 4
Joined: 20. Jul 2016, 17:31

supR3HardenedWinReSpawn error

Post by Bentley »

I have searched the forums and Google for a solution that can resolve my issue when trying to start my VM but I have not yet found one.

If I uninstall/reboot/install, it will work fine, but then the next reboot I get Error in supR3HardenedWinReSpawn. My error has differed from others.
"what: 5 VERR_INVALID_NAME (-104) - Invalid (malformed) file/path" is the error I receive.

Version: 5.0.24 r108355
Anti-Virus: Bitdefender and Cylance
What: supR3HardenedWinReSpawn
Where: 5 VERR_INVALID_NAME (-104) - Invalid (malformed) file/path

I have removed Bitdefender and tried to run it but I still receive the same error. Cylance is non-intrusive so I think that it is also not causing a problem.
I have tried deleting the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"="DISABLEUSERCALLBACKEXCEPTION" but it does not exist on my machine.

Attached is an error log and screen shots of the errors I am receiving.

I'd appreciate any assistance anyone can give.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: supR3HardenedWinReSpawn error

Post by socratis »

[quote]supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'[/quote]
I don't even like the name of that one. It has 'hook' right there. Methinks that it's attaching itself to all processes to make it easy to "Send via Bluetooth". But I could be wrong. The fact remains that it is an unsigned DLL that is hooking itself to other processes. Not gonna happen.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
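
The post above quotes a single `rejecting` line from the hardening log. As an added example (not part of the original thread and not VirtualBox's own tooling), this PowerShell script lists every DLL rejected in a log and reports its Authenticode status. The `$LogPath` parameter and the second sample path are assumptions: pass the path to the VM's `VBoxHardening.log`, and note that `Get-AuthenticodeSignature` is only an approximation of the checks the hardening code performs.

```powershell
# Added example: summarise DLLs rejected by VirtualBox hardening.
# $LogPath is an assumed parameter; point it at the VM's VBoxHardening.log.
param([string]$LogPath)

# Constructed sample lines in the format quoted in the post above.
# The first path is the one from the thread; the second is made up.
$sample = @(
    "supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'"
    "supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'"
    "supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Example\Constructed\overlayhook.dll'"
)

# Use the real log when one is given, otherwise fall back to the sample.
$lines = if ($LogPath -and (Test-Path -LiteralPath $LogPath)) {
    Get-Content -LiteralPath $LogPath
} else {
    $sample
}

# Capture the quoted path; any prefix or suffix around it is ignored.
$pattern = "supR3HardenedMonitor_LdrLoadDll: rejecting '([^']+)'"

$lines |
    Select-String -Pattern $pattern |
    ForEach-Object { $_.Matches[0].Groups[1].Value } |
    Group-Object |                      # case-insensitive by default
    ForEach-Object {
        $path = $_.Name
        # Only query the signature if the file still exists on this host.
        $status = if (Test-Path -LiteralPath $path) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else {
            'FileNotFound'
        }
        [pscustomobject]@{
            Rejections = $_.Count
            Signature  = $status
            Dll        = $path
        }
    } |
    Sort-Object Rejections -Descending |
    Format-Table -AutoSize
```

A `Signature` value other than `Valid` marks a module worth tracing back to its vendor before the next start attempt.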

Re: supR3HardenedWinReSpawn error

Post by Bentley »

socratis wrote:
[quote]supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'

I don't even like the name of that one. It has 'hook' right there. Methinks that it's attaching itself to all processes to make it easy to "Send via Bluetooth". But I could be wrong. The fact remains that it is an unsigned DLL that is hooking itself to other processes. Not gonna happen.[/quote]

Would simply removing/relocating this file be a safe bet for getting past this error or would this cause another error by chance?

Re: supR3HardenedWinReSpawn error

Post by socratis »

I have no clue. I'm not on Windows, but I suspect that it ... could work? Why don't you give it a try? You got nothing to lose. Oh, since it's already loaded in memory, you'll have to rename the DLL and reboot.

If that solves it, a more permanent option would be to ask the developer of the software to sign their software. BTW, that was "a single" DLL that I found, I didn't do a thorough search.

Re: supR3HardenedWinReSpawn error

Post by Bentley »

socratis wrote:
[quote]I have no clue. I'm not on Windows, but I suspect that it ... could work? Why don't you give it a try? You got nothing to lose. Oh, since it's already loaded in memory, you'll have to rename the DLL and reboot.

If that solves it, a more permanent option would be to ask the developer of the software to sign their software. BTW, that was "a single" DLL that I found, I didn't do a thorough search.[/quote]

So the issue looks like it was caused by a reject error within a Widcomm Bluetooth Software (btmmhook.dll). I have uninstalled the Widcomm Bluetooth Software. Rebooted. Same error when trying to start a VM. I looked through the log file, and there are no more rejects at least.

I've attached screen shot and a log file of my attempt. I figured that it would work this time around.

Re: supR3HardenedWinReSpawn error

Post by socratis »

I see two potential candidates:
- CylancePROTECT
- NVIDIA add-ons
See if disabling/uninstalling them makes a difference.

PS. You don't have to include your screenshots anymore.

Re: supR3HardenedWinReSpawn error

Post by Bentley »

Sorry for the delayed response. I have been working on removing Cylance and the Nvidia Add-Ons. I still receive the same error (see the attached Log file). There is a lingering system/drive file for Cylance that cannot be removed...not sure if this file is what is causing the error or not.

Re: supR3HardenedWinReSpawn error

Post by socratis »

Bentley wrote:
[quote]There is a lingering system/drive file for Cylance that cannot be removed[/quote]

What do you mean? Did you try to boot in safe mode and remove it? Did you check the services if anything is running that is related to Cylance? Check Autoruns from Microsoft (actually the whole SysInternalsSuite is a must have) and see if you can disable any non-Microsoft, non-essential services and drivers. Just one thing; if you run Autoruns, make sure to right-click and "Run as Administrator".