Here is the Hardening.log:
(rc = -5640) Please try reinstalling VirtualBox.
where: supR3HardenedWinReSpawn what: 1 VERR_SUP_VP_THREAD_NOT_ALONE (-5640) - Process Verification Failure: The process has more than one thread.
Now I've tried many things.
2e84.1340: Log file opened: 5.2.14r123301 g_hStartupLog=0000000000000170 g_uNtVerCombined=0xa0383900
2e84.1340: \SystemRoot\System32\ntdll.dll:
2e84.1340: CreationTime: 2017-10-16T14:10:15.589015400Z
2e84.1340: LastWriteTime: 2017-09-07T06:03:35.589628500Z
2e84.1340: ChangeTime: 2018-03-22T16:54:40.122678600Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x1cccb0
2e84.1340: NT Headers: 0xd8
2e84.1340: Timestamp: 0x59b0d03e
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x59b0d03e
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0x1d2000 (1908736)
2e84.1340: Resource Dir: 0x169000 LB 0x67a50
2e84.1340: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x1690f0 LB 0x398, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.1715
2e84.1340: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810)
2e84.1340: FileDescription: NT Layer DLL
2e84.1340: \SystemRoot\System32\kernel32.dll:
2e84.1340: CreationTime: 2017-08-05T12:04:26.342899300Z
2e84.1340: LastWriteTime: 2017-04-28T00:49:43.332433600Z
2e84.1340: ChangeTime: 2018-03-22T16:54:38.891444600Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0xab208
2e84.1340: NT Headers: 0xf0
2e84.1340: Timestamp: 0x59028368
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x59028368
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0xac000 (704512)
2e84.1340: Resource Dir: 0xaa000 LB 0x530
2e84.1340: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.1198
2e84.1340: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
2e84.1340: FileDescription: Windows NT BASE API Client DLL
2e84.1340: \SystemRoot\System32\KernelBase.dll:
2e84.1340: CreationTime: 2018-03-22T16:27:49.530367800Z
2e84.1340: LastWriteTime: 2018-03-02T09:07:30.254111800Z
2e84.1340: ChangeTime: 2018-03-23T12:02:59.582556100Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x21c780
2e84.1340: NT Headers: 0xf8
2e84.1340: Timestamp: 0x5a9906f8
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5a9906f8
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0x21d000 (2215936)
2e84.1340: Resource Dir: 0x201000 LB 0x550
2e84.1340: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.2125
2e84.1340: FileVersion: 10.0.14393.2125 (rs1_release.180301-2139)
2e84.1340: FileDescription: Windows NT BASE API Client DLL
2e84.1340: \SystemRoot\System32\apisetschema.dll:
2e84.1340: CreationTime: 2018-03-22T16:21:43.172673700Z
2e84.1340: LastWriteTime: 2018-03-02T09:07:28.044323200Z
2e84.1340: ChangeTime: 2018-03-23T12:02:57.396184500Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x18960
2e84.1340: NT Headers: 0xc8
2e84.1340: Timestamp: 0x5a990a54
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5a990a54
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0x19000 (102400)
2e84.1340: Resource Dir: 0x18000 LB 0x400
2e84.1340: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.2125
2e84.1340: FileVersion: 10.0.14393.2125 (rs1_release.180301-2139)
2e84.1340: FileDescription: ApiSet Schema DLL
2e84.1340: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2e84.1340: supR3HardenedWinFindAdversaries: 0x12000
2e84.1340: \SystemRoot\System32\drivers\dgmaster.sys:
2e84.1340: CreationTime: 2018-05-23T15:36:37.521261200Z
2e84.1340: LastWriteTime: 2018-05-02T22:14:14.000000000Z
2e84.1340: ChangeTime: 2018-05-23T15:36:37.646276400Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x2643c8
2e84.1340: NT Headers: 0x108
2e84.1340: Timestamp: 0x5aea3ef6
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5aea3ef6
2e84.1340: Image Version: 6.3
2e84.1340: SizeOfImage: 0x33f000 (3403776)
2e84.1340: Resource Dir: 0x2ff000 LB 0x35f68
2e84.1340: [Version info resource found at 0x270! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x334c30 LB 0x338, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Digital Guardian
2e84.1340: ProductVersion: 7.4
2e84.1340: FileVersion: 7.4.1.0186
2e84.1340: FileDescription: Digital Guardian Agent Master
2e84.1340: supR3HardenedWinFindAdversaries: Found newer version: 0x12000 -> 0x14000
2e84.1340: \SystemRoot\System32\drivers\privman.sys:
2e84.1340: CreationTime: 2018-07-06T11:53:05.369267500Z
2e84.1340: LastWriteTime: 2018-05-16T17:23:54.000000000Z
2e84.1340: ChangeTime: 2018-07-07T02:57:42.758964100Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x115e8
2e84.1340: NT Headers: 0xf8
2e84.1340: Timestamp: 0x5afc5ee2
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5afc5ee2
2e84.1340: Image Version: 6.1
2e84.1340: SizeOfImage: 0x11000 (69632)
2e84.1340: Resource Dir: 0xc000 LB 0x32a8
2e84.1340: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x0)]
2e84.1340: [Raw version resource data: 0xc0a0 LB 0x33c, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: PowerBroker for Windows
2e84.1340: ProductVersion: 7.5.0.0
2e84.1340: FileVersion: 7.5.0.0
2e84.1340: FileDescription: PowerBroker for Windows
2e84.1340: \SystemRoot\System32\privman64.dll:
2e84.1340: CreationTime: 2018-05-16T17:59:28.000000000Z
2e84.1340: LastWriteTime: 2018-05-16T17:59:28.000000000Z
2e84.1340: ChangeTime: 2018-07-07T02:57:42.788041900Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x3a178
2e84.1340: NT Headers: 0xf8
2e84.1340: Timestamp: 0x5afc5e64
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5afc5e64
2e84.1340: Image Version: 0.0
2e84.1340: SizeOfImage: 0x3c000 (245760)
2e84.1340: Resource Dir: 0x3a000 LB 0x578
2e84.1340: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x0)]
2e84.1340: [Raw version resource data: 0x3a0a0 LB 0x37c, codepage 0x4e4 (reserved 0x0)]
2e84.1340: ProductName: PowerBroker for Windows
2e84.1340: ProductVersion: 7.5.0.0
2e84.1340: FileVersion: 7.5.0.0
2e84.1340: FileDescription: BeyondTrust PowerBroker for Windows DLL
2e84.1340: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2e84.1340: Calling main()
2e84.1340: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2e84.1340: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2e84.1340: SUPR3HardenedMain: Respawn #1
2e84.1340: System32: \Device\HarddiskVolume4\Windows\System32
2e84.1340: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2e84.1340: KnownDllPath: C:\WINDOWS\System32
2e84.1340: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2e84.1340: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3338.3344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [lacks WinVerifyTrust]
3338.3344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3338.3344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdad240000 'C:\WINDOWS\system32\SHCore.dll'
3338.3344: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 hMod=00007ffdb0790000 'C:\WINDOWS\System32\ntdll.dll'
3338.3344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
3338.3344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3338.3344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdb0790000 'C:\WINDOWS\System32\ntdll.dll'
2e84.1340: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 79688 ms, the end);
Reinstalling VirtualBox
This workaround:
Completely uninstall any VirtualBox currently installed
Restart the computer
Install the latest version of VirtualBox
After install completes do not restart the computer
Open the registry editor. Start > Run > regedit
Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VBoxDrv
Edit the key called Start. Change its value from 1 to 3
Close the registry editor and restart your computer. After your computer restarts you should be able to use VirtualBox without any issues.
Tried older versions.
Basically I need a way to start VB VM without the Antivirus knowing (and without adding an exception to the Antivirus program as it is unreachable). Anyone have any suggestions?
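
A triage sketch for a log like the one posted above, added here as an example (it is not part of the original post and not VirtualBox's own tooling): it lists the modules the log enumerates, separates out those whose ProductName is not Microsoft's, and extracts the child exit code. The function names and the abbreviated sample excerpt are assumptions made for this example.

```python
import re

# Abbreviated excerpt of the log posted above, one entry per line.
SAMPLE_LOG = r"""
2e84.1340: \SystemRoot\System32\ntdll.dll:
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810)
2e84.1340: supR3HardenedWinFindAdversaries: 0x12000
2e84.1340: \SystemRoot\System32\drivers\dgmaster.sys:
2e84.1340: ProductName: Digital Guardian
2e84.1340: FileVersion: 7.4.1.0186
2e84.1340: supR3HardenedWinFindAdversaries: Found newer version: 0x12000 -> 0x14000
2e84.1340: \SystemRoot\System32\drivers\privman.sys:
2e84.1340: ProductName: PowerBroker for Windows
2e84.1340: FileVersion: 7.5.0.0
2e84.1340: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 79688 ms, the end);
"""

ENTRY = re.compile(r"^[0-9a-f]+\.[0-9a-f]+:\s+(.*)$")   # "<pid>.<tid>: <body>"
MODULE = re.compile(r"^(\\SystemRoot\\.+):$")            # start of a file record
FIELD = re.compile(r"^(ProductName|FileVersion):\s+(.*)$")
EXIT = re.compile(r"Quitting: ExitCode=(0x[0-9a-fA-F]+)")

def parse_hardening_log(text):
    """Return (modules, exit_code); each module is a dict with path and version fields."""
    modules, current, exit_code = [], None, None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank or unprefixed line
        body = m.group(1).strip()
        if (mod := MODULE.match(body)):
            current = {"path": mod.group(1)}
            modules.append(current)
        elif current is not None and (f := FIELD.match(body)):
            current[f.group(1)] = f.group(2)
        elif (e := EXIT.search(body)):
            exit_code = e.group(1)
    return modules, exit_code

def third_party(modules):
    """Modules without a Microsoft ProductName; a missing name is kept for review."""
    return [m for m in modules if "Microsoft" not in m.get("ProductName", "")]

if __name__ == "__main__":
    mods, code = parse_hardening_log(SAMPLE_LOG)
    for m in third_party(mods):
        print(m["path"], "|", m.get("ProductName"), "|", m.get("FileVersion"))
    print("child exit code:", code)
```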