Hardening Issue: Ubuntu Image on Windows Host

[sylvzen]

I am trying to start an ubuntu VM on my Windows PC (Windows 10 Home, i5, geforce 1660).

The virtual machine 'Ubuntu' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\sylva\VirtualBox VMs\Ubuntu\Logs\VBoxHardening.log'.

Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}

Highlights from VBoxHardening:

14a0.1c9c: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtUserRegisterClassExWOW' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
14a0.1c9c: Error (rc=-5629):
14a0.1c9c: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)

[mpack]

There was a whole bunch of other things going wrong before the log got to your "highlight". For example many instances like this:

30c0.920: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffbcae7a000 LB 0x4000 (base 00007ffbcae70000) - 'wtsapi32.dll'
30c0.920: 00007ffbcae7e000-00007ffbcae7efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
30c0.920: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffbcae7e000 LB 0x1000 (base 00007ffbcae70000) - 'wtsapi32.dll'
30c0.920: 00007ffbcae7f000-00007ffbcae82fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
30c0.920: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffbcae7f000 LB 0x4000 (base 00007ffbcae70000) - 'wtsapi32.dll'
...
30c0.920: ntdll.dll: Differences in section #0 (headers) between file and memory:
30c0.920: 00007ffbd14a001c / 0x000001c: 00 != 44
30c0.920: 00007ffbd14a001d / 0x000001d: 00 != 65
30c0.920: 00007ffbd14a001e / 0x000001e: 00 != 74
30c0.920: 00007ffbd14a001f / 0x000001f: 00 != 6f
30c0.920: 00007ffbd14a0020 / 0x0000020: 00 != 75
30c0.920: 00007ffbd14a0021 / 0x0000021: 00 != 72
30c0.920: 00007ffbd14a0022 / 0x0000022: 00 != 73
30c0.920: 00007ffbd14a0023 / 0x0000023: 00 != 21
30c0.920: Restored 0x400 bytes of original file content at 00007ffbd14a0000

Etc etc. No "adversaries" were reported in the log, but either you have third party AV, are using a theme manager, or your Windows install has been royally hacked.

Edit:  In fact I see it now: Fasoo DRM, a known turd pile.

[sylvzen]

Awesome, it works! I have no idea why I had this Fasoo DRM on my PC.
How did you figure out it is Fasoo DRM?

[mpack]

Just search for Fasoo in the log, you'll see the hints.