131c.16ec: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000024 g_uNtVerCombined=0x611db110 131c.16ec: \SystemRoot\System32\ntdll.dll: 131c.16ec: CreationTime: 2016-11-15T03:52:07.871093700Z 131c.16ec: LastWriteTime: 2016-10-07T15:35:29.838228900Z 131c.16ec: ChangeTime: 2016-11-15T17:14:06.626953100Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x1a7100 131c.16ec: NT Headers: 0xe0 131c.16ec: Timestamp: 0x57f7c06e 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x57f7c06e 131c.16ec: Image Version: 6.1 131c.16ec: SizeOfImage: 0x1aa000 (1744896) 131c.16ec: Resource Dir: 0x14e000 LB 0x5a028 131c.16ec: ProductName: Microsoft® Windows® Operating System 131c.16ec: ProductVersion: 6.1.7601.23569 131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600) 131c.16ec: FileDescription: NT Layer DLL 131c.16ec: \SystemRoot\System32\kernel32.dll: 131c.16ec: CreationTime: 2016-11-15T03:52:07.011718700Z 131c.16ec: LastWriteTime: 2016-10-07T15:32:25.787000000Z 131c.16ec: ChangeTime: 2016-11-15T17:14:08.330078100Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x11c000 131c.16ec: NT Headers: 0xe0 131c.16ec: Timestamp: 0x57f7c0b3 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x57f7c0b3 131c.16ec: Image Version: 6.1 131c.16ec: SizeOfImage: 0x11f000 (1175552) 131c.16ec: Resource Dir: 0x116000 LB 0x528 131c.16ec: ProductName: Microsoft® Windows® Operating System 131c.16ec: ProductVersion: 6.1.7601.23569 131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600) 131c.16ec: FileDescription: Windows NT BASE API Client DLL 131c.16ec: \SystemRoot\System32\KernelBase.dll: 131c.16ec: CreationTime: 2016-11-15T03:52:39.089843700Z 131c.16ec: LastWriteTime: 2016-10-07T15:32:25.802000000Z 131c.16ec: ChangeTime: 2016-11-15T17:14:08.298828100Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x66800 131c.16ec: NT Headers: 0xe8 131c.16ec: Timestamp: 0x57f7c0b4 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x57f7c0b4 131c.16ec: Image Version: 6.1 131c.16ec: SizeOfImage: 0x6a000 (434176) 131c.16ec: Resource Dir: 0x68000 LB 0x530 131c.16ec: ProductName: Microsoft® Windows® Operating System 131c.16ec: ProductVersion: 6.1.7601.23569 131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600) 131c.16ec: FileDescription: Windows NT BASE API Client DLL 131c.16ec: \SystemRoot\System32\apisetschema.dll: 131c.16ec: CreationTime: 2016-11-15T03:52:35.730468700Z 131c.16ec: LastWriteTime: 2016-10-07T15:32:20.717000000Z 131c.16ec: ChangeTime: 2016-11-15T17:14:06.533203100Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x1a00 131c.16ec: NT Headers: 0xc0 131c.16ec: Timestamp: 0x57f7c04d 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x57f7c04d 131c.16ec: Image Version: 6.1 131c.16ec: SizeOfImage: 0x50000 (327680) 131c.16ec: Resource Dir: 0x30000 LB 0x3f8 131c.16ec: ProductName: Microsoft® Windows® Operating System 131c.16ec: ProductVersion: 6.1.7601.23569 131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600) 131c.16ec: FileDescription: ApiSet Schema DLL 131c.16ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022 131c.16ec: supR3HardenedWinFindAdversaries: 0x2003 131c.16ec: \SystemRoot\System32\drivers\SysPlant.sys: 131c.16ec: CreationTime: 2016-10-28T16:37:40.989750100Z 131c.16ec: LastWriteTime: 2016-10-28T16:37:40.993750100Z 131c.16ec: ChangeTime: 2016-10-28T16:37:40.993750100Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x2b9a8 131c.16ec: NT Headers: 0x100 131c.16ec: Timestamp: 0x576a282d 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x576a282d 131c.16ec: Image Version: 5.0 131c.16ec: SizeOfImage: 0x30000 (196608) 131c.16ec: Resource Dir: 0x2e000 LB 0x498 131c.16ec: ProductName: Symantec CMC Firewall 131c.16ec: ProductVersion: 12.1.7004.6500 131c.16ec: FileVersion: 12.1.7004.6500 131c.16ec: FileDescription: Symantec CMC Firewall SysPlant 131c.16ec: \SystemRoot\System32\sysfer.dll: 131c.16ec: CreationTime: 2016-10-28T16:37:40.982750100Z 131c.16ec: LastWriteTime: 2016-10-28T16:37:40.985750100Z 131c.16ec: ChangeTime: 2016-10-28T16:37:40.985750100Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x73728 131c.16ec: NT Headers: 0xf0 131c.16ec: Timestamp: 0x576a2837 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x576a2837 131c.16ec: Image Version: 0.0 131c.16ec: SizeOfImage: 0x89000 (561152) 131c.16ec: Resource Dir: 0x87000 LB 0x630 131c.16ec: ProductName: Symantec CMC Firewall 131c.16ec: ProductVersion: 12.1.7004.6500 131c.16ec: FileVersion: 12.1.7004.6500 131c.16ec: FileDescription: Symantec CMC Firewall sysfer 131c.16ec: \SystemRoot\System32\drivers\symevent64x86.sys: 131c.16ec: CreationTime: 2016-10-22T00:25:28.223745900Z 131c.16ec: LastWriteTime: 2016-10-28T16:38:07.563750100Z 131c.16ec: ChangeTime: 2016-10-28T16:38:07.563750100Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x2b8d8 131c.16ec: NT Headers: 0xe8 131c.16ec: Timestamp: 0x54b87d44 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x54b87d44 131c.16ec: Image Version: 6.0 131c.16ec: SizeOfImage: 0x38000 (229376) 131c.16ec: Resource Dir: 0x36000 LB 0x3c8 131c.16ec: ProductName: SYMEVENT 131c.16ec: ProductVersion: 12.9.6.12 131c.16ec: FileVersion: 12.9.6.12 131c.16ec: FileDescription: Symantec Event Library 131c.16ec: \SystemRoot\System32\drivers\dgmaster.sys: 131c.16ec: CreationTime: 2016-11-29T22:54:35.426757800Z 131c.16ec: LastWriteTime: 2016-11-30T14:52:55.174211700Z 131c.16ec: ChangeTime: 2016-11-30T17:08:19.015625000Z 131c.16ec: FileAttributes: 0x20 131c.16ec: Size: 0x381c68 131c.16ec: NT Headers: 0x108 131c.16ec: Timestamp: 0x583ee79f 131c.16ec: Machine: 0x8664 - amd64 131c.16ec: Timestamp: 0x583ee79f 131c.16ec: Image Version: 6.3 131c.16ec: SizeOfImage: 0x443000 (4468736) 131c.16ec: Resource Dir: 0x403000 LB 0x35f48 131c.16ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 131c.16ec: Calling main() 131c.16ec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 131c.16ec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 131c.16ec: SUPR3HardenedMain: Respawn #1 131c.16ec: System32: \Device\HarddiskVolume2\Windows\System32 131c.16ec: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 131c.16ec: KnownDllPath: C:\Windows\system32 131c.16ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 131c.16ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 131c.16ec: supR3HardNtEnableThreadCreation: 131c.16ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007766a360 pvNtTerminateThread=000000007768c260 131c.16ec: supR3HardenedWinDoReSpawn(1): New child c28.1528 [kernel32]. 131c.16ec: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 131c.16ec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077640000 uNtDllChildAddr=0000000077640000 131c.16ec: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007766a360 131c.16ec: supR3HardenedWinSetupChildInit: Start child. 131c.16ec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 250 ms. 131c.16ec: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps 131c.16ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 131c.16ec: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 131c.16ec: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 131c.16ec: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 131c.16ec: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 131c.16ec: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 131c.16ec: 0000000000041000-fffffffffff41fff 0x0001/0x0000 0x0000000 131c.16ec: *0000000000140000-0000000000043fff 0x0000/0x0004 0x0020000 131c.16ec: 000000000023c000-0000000000239fff 0x0104/0x0004 0x0020000 131c.16ec: 000000000023e000-000000000023bfff 0x0004/0x0004 0x0020000 131c.16ec: 0000000000240000-ffffffff88e3ffff 0x0001/0x0000 0x0000000 131c.16ec: *0000000077640000-0000000077640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 131c.16ec: 0000000077641000-000000007773dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 131c.16ec: 000000007773e000-000000007776cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 131c.16ec: 000000007776d000-0000000077776fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 131c.16ec: 0000000077777000-0000000077777fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 131c.16ec: 0000000077778000-000000007777afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 131c.16ec: 000000007777b000-00000000777e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 131c.16ec: 00000000777ea000-000000006fff3fff 0x0001/0x0000 0x0000000 131c.16ec: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 131c.16ec: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 131c.16ec: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 131c.16ec: 000000007fff0000-ffffffffc070ffff 0x0001/0x0000 0x0000000 131c.16ec: *000000013f8d0000-000000013f8d0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f8d1000-000000013f93ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f940000-000000013f940fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f941000-000000013f985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f986000-000000013f986fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f987000-000000013f987fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f988000-000000013f98cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f98d000-000000013f98dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f98e000-000000013f98efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f98f000-000000013f992fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f993000-000000013f9dafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 131c.16ec: 000000013f9db000-000000013f9d5fff 0x0001/0x0000 0x0000000 131c.16ec: *000000013f9e0000-000000013f9defff 0x0040/0x0040 0x0020000 !! 131c.16ec: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 000000013f9e0000 (LB 0x1000, 000000013f9e0000 LB 0x1000) 131c.16ec: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013f9e0000/000000013f9e0000 LB 0/0x1000] 131c.16ec: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013f9e0000 LB 0x7fdbff80000 s=0x10000 ap=0x0 rp=0x00000000000001 131c.16ec: Error (rc=-5673): 131c.16ec: NtAllocateVirtualMemory (000000013f9e0000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details 131c.16ec: Error (rc=-5645): 131c.16ec: Too many virtual memory regions. 131c.16ec: Error (rc=-5673): 131c.16ec: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (000000013f9e0000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details [rc=-5645] Too many virtual memory regions. 131c.16ec: Error -5673 in supR3HardNtChildPurify! (enmWhat=5) 131c.16ec: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (000000013f9e0000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details [rc=-5645] Too many virtual memory regions. 131c.16ec: supR3HardNtEnableThreadCreation: