(gdb) bt
#0 0x00007f6b199663be in __libc_waitpid (pid=, stat_loc=0x7fff862943b0, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:32
#1 0x00007f6b198eb10e in do_system (line=0x7f6b1f6a50c0 "/bin/sleep 999999") at ../sysdeps/posix/system.c:149
#2 0x00007f6b1d19f62c in smb_panic (why=) at lib/util.c:1123
#3 0x00007f6b1d190898 in fault_report (sig=11) at lib/fault.c:53
#4 sig_fault (sig=11) at lib/fault.c:76
#5
#6 copy_serverinfo (mem_ctx=, src=0x0) at auth/auth_util.c:856
#7 0x00007f6b1d1f44d0 in make_server_info_guest (mem_ctx=, server_info=0x7fff86294938) at auth/auth_util.c:934
#8 0x00007f6b1cebc29d in do_map_to_guest (status=..., server_info=0x7fff86294938, user=0x7f6b1f68ee60 "AmiGO", domain=0x7f6b1f67a6f0 "PANDORABOX") at smbd/sesssetup.c:64
#9 0x00007f6b1cebc584 in reply_spnego_ntlmssp (req=0x7f6b1f6a4260, vuid=100, auth_ntlmssp_state=0x7f6b1f67f0f0, ntlmssp_blob=0x7fff86294a70, nt_status=..., OID=0x0, wrap=true) at smbd/sesssetup.c:493
#10 0x00007f6b1cebe197 in reply_spnego_auth (auth_ntlmssp_state=, blob1=..., vuid=, req=0x7f6b1f6a4260) at smbd/sesssetup.c:806
#11 reply_sesssetup_and_X_spnego (req=0x7f6b1f6a4260) at smbd/sesssetup.c:1192
#12 reply_sesssetup_and_X (req=0x7f6b1f6a4260) at smbd/sesssetup.c:1354
#13 0x00007f6b1cef7374 in switch_message (type=115 's', req=0x7f6b1f6a4260, size=492) at smbd/process.c:1574
#14 0x00007f6b1cef778b in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=, unread_bytes=0, size=492, inbuf=0x0, sconn=0x7f6b1f6725c0) at smbd/process.c:1610
#15 process_smb (sconn=0x7f6b1f6725c0, inbuf=, nread=492, unread_bytes=0, seqnum=, encrypted=false, deferred_pcd=0x0) at smbd/process.c:1688
#16 0x00007f6b1cef7ba3 in smbd_server_connection_read_handler (conn=0x7f6b1f6725c0, fd=26) at smbd/process.c:2317
#17 0x00007f6b1d1af32e in run_events_poll (num_pfds=2, pfds=0x7f6b1f67ef30, pollrtn=, ev=0x7f6b1f672500) at lib/events.c:286
#18 run_events_poll (ev=0x7f6b1f672500, pollrtn=, pfds=0x7f6b1f67ef30, num_pfds=2) at lib/events.c:184
#19 0x00007f6b1cef933a in smbd_server_connection_loop_once (conn=0x7f6b1f6725c0) at smbd/process.c:1017
#20 smbd_process (sconn=0x7f6b1f6725c0) at smbd/process.c:3158
#21 0x00007f6b1d40d2cf in smbd_accept_connection (ev=, fde=, flags=, private_data=) at smbd/server.c:511
#22 0x00007f6b1d1af32e in run_events_poll (num_pfds=5, pfds=0x7f6b1f690db0, pollrtn=, ev=0x7f6b1f672500) at lib/events.c:286
#23 run_events_poll (ev=0x7f6b1f672500, pollrtn=, pfds=0x7f6b1f690db0, num_pfds=5) at lib/events.c:184
#24 0x00007f6b1d1af4ca in s3_event_loop_once (ev=0x7f6b1f672500, location=) at lib/events.c:349
#25 0x00007f6b1d1b0050 in _tevent_loop_once (ev=0x7f6b1f672500, location=0x7f6b1d614c57 "smbd/server.c:844") at ../lib/tevent/tevent.c:494
#26 0x00007f6b1ce775d6 in smbd_parent_loop (parent=) at smbd/server.c:844
#27 main (argc=, argv=) at smbd/server.c:1326

# cat /etc/samba/smb.conf | sed ':a;N;$!ba;s/[#;]\+[^\n]*\n//g'
[global]
workgroup = LNETW
server string = Samba Server Version %v
netbios name = LSS
interfaces = p16p1
bind interfaces only = yes
hosts allow = 192.168.54.1 192.168.54.2 127.
security = user
passdb backend = tdbsam
load printers = no
guest ok = yes
guest account = AmiGO
username map = /etc/samba/smbusers
Map to guest = Bad User
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=1048576 SO_RCVBUF=1048576
getwd cache = yes
oplocks = yes
max xmit = 65535
getwd cache = yes
create mask = 0644
[home]
path = /home
browseable = yes
writeable = yes
[ter1]
path = /mnt/ter1
browseable = yes
writeable = yes
[ter2]
path = /mnt/ter2
browseable = yes
writeable = yes
map hidden = yes
[111]
path = /mnt/111
browseable = yes
writeable = yes
[222]
path = /mnt/222
browseable = yes
writeable = yes
[l]
path = /mnt/ter2/music
browseable = no
writeable = yes
[int]
path = /mnt/int
browseable = yes
writeable = yes
[var]
path = /var/
browseable = no
writeable = yes

[2012/06/12 03:29:53, 0] smbd/server.c:1051(main)
smbd version 3.6.5-85.fc16 started.
Copyright Andrew Tridgell and the Samba Team 1992-2011 [2012/06/12 03:29:53, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter panic action = /bin/sleep 999999 doing parameter create mask = 0644 [2012/06/12 03:29:53, 4] param/loadparm.c:9608(lp_load_ex) pm_process() returned Yes [2012/06/12 03:29:53, 7] param/loadparm.c:9830(lp_servicenumber) lp_servicenumber: couldn't find homes [2012/06/12 03:29:53, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_STANDALONE [2012/06/12 03:29:53, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2012/06/12 03:29:53, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2012/06/12 03:29:53, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2012/06/12 03:29:53.004680, 3] param/loadparm.c:9572(lp_load_ex) lp_load_ex: refreshing parameters [2012/06/12 03:29:53.004801, 3] param/loadparm.c:5192(init_globals) Initialising global parameters [2012/06/12 03:29:53.004956, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2012/06/12 03:29:53.005064, 3] param/loadparm.c:8310(do_section) Processing section "[global]" doing parameter workgroup = LNETW doing parameter server string = Samba Server Version %v doing parameter netbios name = LSS [2012/06/12 03:29:53.005349, 4] param/loadparm.c:7561(handle_netbios_name) handle_netbios_name: set global_myname to: LSS doing parameter interfaces = p16p1 doing parameter bind interfaces only = yes doing parameter hosts allow = 192.168.54.1 192.168.54.2 127. 
doing parameter security = user doing parameter passdb backend = tdbsam doing parameter load printers = no doing parameter guest ok = yes doing parameter guest account = AmiGO doing parameter username map = /etc/samba/smbusers doing parameter Map to guest = Bad User doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=1048576 SO_RCVBUF=1048576 doing parameter getwd cache = yes doing parameter oplocks = yes doing parameter max xmit = 65535 doing parameter getwd cache = yes doing parameter log level = 10 [2012/06/12 03:29:53.006253, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter panic action = /bin/sleep 999999 doing parameter create mask = 0644 [2012/06/12 03:29:53.007819, 2] param/loadparm.c:8327(do_section) Processing section "[home]" [2012/06/12 03:29:53.007985, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 0 for home [2012/06/12 03:29:53.008098, 10] param/loadparm.c:6518(hash_a_service) hash_a_service: creating servicehash [2012/06/12 03:29:53.008210, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 0 for service name home doing parameter path = /home doing parameter browseable = yes doing parameter writeable = yes [2012/06/12 03:29:53.008261, 2] param/loadparm.c:8327(do_section) Processing section "[ter1]" [2012/06/12 03:29:53.008432, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 1 for ter1 [2012/06/12 03:29:53.008529, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 1 for service name ter1 doing parameter path = /mnt/ter1 doing parameter browseable = yes doing parameter writeable = yes [2012/06/12 03:29:53.008807, 2] param/loadparm.c:8327(do_section) Processing section "[ter2]" 
[2012/06/12 03:29:53.009067, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 2 for ter2 [2012/06/12 03:29:53.009250, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 2 for service name ter2 doing parameter path = /mnt/ter2 doing parameter browseable = yes doing parameter writeable = yes doing parameter map hidden = yes [2012/06/12 03:29:53.009571, 2] param/loadparm.c:8327(do_section) Processing section "[111]" [2012/06/12 03:29:53.009684, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 3 for 111 [2012/06/12 03:29:53.009780, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 3 for service name 111 doing parameter path = /mnt/111 doing parameter browseable = yes doing parameter writeable = yes [2012/06/12 03:29:53.010027, 2] param/loadparm.c:8327(do_section) Processing section "[222]" [2012/06/12 03:29:53.010138, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 4 for 222 [2012/06/12 03:29:53.010247, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 4 for service name 222 doing parameter path = /mnt/222 doing parameter browseable = yes doing parameter writeable = yes [2012/06/12 03:29:53.010508, 2] param/loadparm.c:8327(do_section) Processing section "[l]" [2012/06/12 03:29:53.010638, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 5 for l [2012/06/12 03:29:53.010736, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 5 for service name l doing parameter path = /mnt/ter2/music doing parameter browseable = no doing parameter writeable = yes [2012/06/12 03:29:53.010978, 2] param/loadparm.c:8327(do_section) Processing section "[int]" [2012/06/12 03:29:53.011090, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 6 for int [2012/06/12 03:29:53.011187, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 6 for service name int doing parameter path = /mnt/int 
doing parameter browseable = yes doing parameter writeable = yes [2012/06/12 03:29:53.011454, 2] param/loadparm.c:8327(do_section) Processing section "[var]" [2012/06/12 03:29:53.011566, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 7 for var [2012/06/12 03:29:53.011682, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 7 for service name var doing parameter path = /var/ doing parameter browseable = no doing parameter writeable = yes [2012/06/12 03:29:53.011929, 4] param/loadparm.c:9608(lp_load_ex) pm_process() returned Yes [2012/06/12 03:29:53.012059, 7] param/loadparm.c:9830(lp_servicenumber) lp_servicenumber: couldn't find homes [2012/06/12 03:29:53.012171, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 8 for IPC$ [2012/06/12 03:29:53.012307, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 8 for service name IPC$ [2012/06/12 03:29:53.012428, 3] param/loadparm.c:6630(lp_add_ipc) adding IPC service [2012/06/12 03:29:53.012526, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_STANDALONE [2012/06/12 03:29:53.012632, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2012/06/12 03:29:53.012750, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 [2012/06/12 03:29:53.013327, 2] lib/interface.c:341(add_interface) added interface p16p1 ip=fe80::a00:27ff:fedc:673b%p16p1 bcast=fe80::ffff:ffff:ffff:ffff%p16p1 netmask=ffff:ffff:ffff:ffff:: [2012/06/12 03:29:53.013577, 2] lib/interface.c:341(add_interface) added interface p16p1 ip=192.168.54.2 bcast=192.168.54.255 netmask=255.255.255.0 [2012/06/12 03:29:53.013786, 3] smbd/server.c:1086(main) loaded services [2012/06/12 03:29:53.013893, 5] lib/util.c:242(init_names) Netbios name list:- my_netbios_names[0]="LSS" [2012/06/12 03:29:53.014183, 0] 
smbd/server.c:1107(main) standard input is not a socket, assuming -D option [2012/06/12 03:29:53.014920, 3] smbd/server.c:1118(main) Becoming a daemon. [2012/06/12 03:29:53.021574, 8] ../lib/util/util.c:263(fcntl_lock) fcntl_lock 10 6 0 1 1 [2012/06/12 03:29:53.023871, 8] ../lib/util/util.c:298(fcntl_lock) fcntl_lock: Lock call successful [2012/06/12 03:29:53.025256, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam [2012/06/12 03:29:53.025390, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2012/06/12 03:29:53.025486, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam_compat [2012/06/12 03:29:53.025584, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam_compat' [2012/06/12 03:29:53.025697, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2012/06/12 03:29:53.025794, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2012/06/12 03:29:53.025924, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam_compat [2012/06/12 03:29:53.026021, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam_compat' [2012/06/12 03:29:53.026149, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend IPA_ldapsam [2012/06/12 03:29:53.026245, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'IPA_ldapsam' [2012/06/12 03:29:53.026364, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend smbpasswd [2012/06/12 03:29:53.026490, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2012/06/12 03:29:53.026603, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb 
backend tdbsam [2012/06/12 03:29:53.026701, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2012/06/12 03:29:53.026812, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend wbc_sam [2012/06/12 03:29:53.026926, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2012/06/12 03:29:53.027022, 5] passdb/pdb_interface.c:141(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2012/06/12 03:29:53.027118, 5] passdb/pdb_interface.c:162(make_pdb_method_name) Found pdb backend tdbsam [2012/06/12 03:29:53.027301, 5] passdb/pdb_interface.c:173(make_pdb_method_name) pdb backend tdbsam has a valid init [2012/06/12 03:29:53.028887, 10] registry/reg_backend_db.c:526(regdb_init) regdb_init: registry db openend. refcount reset (1) [2012/06/12 03:29:53.029057, 10] registry/reg_cachehook.c:70(reghook_cache_init) reghook_cache_init: new tree with default ops 0x7ffa8896c300 for key [] [2012/06/12 03:29:53.029949, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/06/12 03:29:53.030199, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Samba Printer Port], len: 2 [2012/06/12 03:29:53.030218, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/06/12 03:29:53.030416, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DefaultSpoolDirectory], len: 70 [2012/06/12 03:29:53.030517, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/12 03:29:53.030627, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/12 
03:29:53.030724, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/12 03:29:53.030839, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/12 03:29:53.031001, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/12 03:29:53.031190, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/12 03:29:53.031358, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c460 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] [2012/06/12 03:29:53.031457, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.031658, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree [2012/06/12 03:29:53.031759, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.031911, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c300 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/06/12 03:29:53.032010, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.032121, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree [2012/06/12 03:29:53.032205, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.032620, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c300 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/06/12 03:29:53.032914, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.033013, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree [2012/06/12 03:29:53.033111, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.033289, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c4c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2012/06/12 03:29:53.033565, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.033665, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree [2012/06/12 03:29:53.033763, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.033860, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c400 for key [\HKLM\SOFTWARE\Samba\smbconf] [2012/06/12 03:29:53.033957, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.034058, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2012/06/12 03:29:53.034154, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.034269, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2012/06/12 03:29:53.034374, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.034472, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree [2012/06/12 03:29:53.034570, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.034667, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c580 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2012/06/12 03:29:53.034765, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 
03:29:53.034862, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree [2012/06/12 03:29:53.034959, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.035070, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c5e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2012/06/12 03:29:53.035168, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.035302, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree [2012/06/12 03:29:53.035399, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.035509, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c640 for key [\HKPT] [2012/06/12 03:29:53.035606, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.035703, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2012/06/12 03:29:53.035804, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.035902, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c6a0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/06/12 03:29:53.036012, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/12 03:29:53.036108, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree [2012/06/12 03:29:53.036203, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.036305, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7ffa8896c700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2012/06/12 03:29:53.036404, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter 
[2012/06/12 03:29:53.036500, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree [2012/06/12 03:29:53.036596, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/12 03:29:53.036691, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/06/12 03:29:53.039768, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/06/12 03:29:53.039869, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/06/12 03:29:53.040120, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2012/06/12 03:29:53.041076, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/06/12 03:29:53.041216, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/06/12 03:29:53.041709, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/06/12 03:29:53.041850, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/06/12 03:29:53.042005, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/06/12 03:29:53.042181, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username root, was [2012/06/12 03:29:53.042357, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name root, was [2012/06/12 03:29:53.042454, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain LSS, was [2012/06/12 03:29:53.042574, 4] lib/substitute.c:527(automount_server) Home server: lss [2012/06/12 03:29:53.042692, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\lss\root\profile, was [2012/06/12 03:29:53.042790, 4] lib/substitute.c:527(automount_server) Home server: lss [2012/06/12 03:29:53.042889, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\lss\root, was [2012/06/12 03:29:53.042986, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2012/06/12 03:29:53.043101, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2012/06/12 03:29:53.043206, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3946504339-3717241383-247693249-1000 [2012/06/12 03:29:53.043376, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3946504339-3717241383-247693249-1000 from rid 1000 [2012/06/12 03:29:53.043516, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username root, was root [2012/06/12 03:29:53.043612, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-22-1-0 [2012/06/12 03:29:53.043794, 5] lib/gencache.c:68(gencache_init) Opening cache file at /var/lib/samba/gencache.tdb [2012/06/12 03:29:53.044009, 5] lib/gencache.c:111(gencache_init) Opening cache file at /var/lib/samba/gencache_notrans.tdb [2012/06/12 03:29:53.044200, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a 
sid for gid 0 [2012/06/12 03:29:53.044361, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.044476, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.044589, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.044685, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.044797, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.045203, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.045301, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 0 -> sid S-1-22-2-0 [2012/06/12 03:29:53.045423, 3] passdb/lookup_sid.c:1737(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for root [2012/06/12 03:29:53.045527, 10] auth/server_info.c:354(samu_to_SamInfo3) Unix User found in struct samu. Rid marked as special and sid (S-1-22-1-0) saved as extra sid [2012/06/12 03:29:53.045644, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/06/12 03:29:53.045740, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/06/12 03:29:53.045837, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/06/12 03:29:53.046078, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [root] [2012/06/12 03:29:53.046256, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 1 [2012/06/12 03:29:53.046361, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.046474, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.046571, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.046667, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.046762, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.046916, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.047014, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 1 -> sid S-1-22-2-1 [2012/06/12 03:29:53.047124, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 2 [2012/06/12 03:29:53.047253, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.047356, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.047453, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.047548, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.047644, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.047791, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.047901, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 2 -> sid S-1-22-2-2 [2012/06/12 03:29:53.048016, 5] 
passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 3 [2012/06/12 03:29:53.048113, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.048253, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.048355, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.048456, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.048551, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.048705, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.048801, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 3 -> sid S-1-22-2-3 [2012/06/12 03:29:53.048911, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 4 [2012/06/12 03:29:53.049008, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.049104, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.049200, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.049302, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.049397, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.049543, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.049639, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 4 -> sid S-1-22-2-4 [2012/06/12 03:29:53.049748, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 6 [2012/06/12 03:29:53.049857, 4] 
smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.049953, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.050050, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.050145, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.050245, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.050416, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.050513, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 6 -> sid S-1-22-2-6 [2012/06/12 03:29:53.050631, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 10 [2012/06/12 03:29:53.050728, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.050825, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.050921, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.051016, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.051112, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.051255, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.051358, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 10 -> sid S-1-22-2-10 [2012/06/12 03:29:53.051465, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: LSS\root => domain=[LSS], name=[root] [2012/06/12 03:29:53.051562, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/06/12 03:29:53.051694, 4] smbd/sec_ctx.c:214(push_sec_ctx) 
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.051791, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.051887, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.051983, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.052078, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.052410, 4] passdb/pdb_tdb.c:523(tdbsam_open) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2012/06/12 03:29:53.052515, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2012/06/12 03:29:53.052666, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.052767, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.052864, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.052960, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.053056, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.053151, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.053306, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.053407, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/06/12 03:29:53.053503, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/06/12 03:29:53.053618, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/06/12 03:29:53.053715, 5] lib/username.c:116(Get_Pwnam_internals) Trying 
_Get_Pwnam(), username as lowercase is root [2012/06/12 03:29:53.053812, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2012/06/12 03:29:53.053928, 10] passdb/lookup_sid.c:1527(sid_to_uid) sid S-1-22-1-0 -> uid 0 [2012/06/12 03:29:53.054077, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [root] [2012/06/12 03:29:53.055079, 10] auth/token_util.c:339(create_local_nt_token) Create local NT token for S-1-22-1-0 [2012/06/12 03:29:53.055266, 10] passdb/lookup_sid.c:1611(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2012/06/12 03:29:53.055373, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.055470, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.055566, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.055662, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.055757, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.055923, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.056019, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2012/06/12 03:29:53.056115, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.056264, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.056365, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.056460, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.056555, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary 
groups [2012/06/12 03:29:53.056700, 3] auth/token_util.c:438(finalize_local_nt_token) Failed to fetch domain sid for LNETW [2012/06/12 03:29:53.056890, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.057038, 10] passdb/lookup_sid.c:1611(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2012/06/12 03:29:53.057139, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.057307, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.057411, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.057508, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.057604, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.057773, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.057869, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2012/06/12 03:29:53.057966, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.058061, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.058156, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.058327, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.058422, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.058571, 3] auth/token_util.c:469(finalize_local_nt_token) Failed to fetch domain sid for LNETW [2012/06/12 03:29:53.058669, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 
03:29:53.058787, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.058882, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.058977, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.059136, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.059258, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.059465, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.059734, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-0] [2012/06/12 03:29:53.059845, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2012/06/12 03:29:53.059946, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-1] [2012/06/12 03:29:53.060047, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-2] [2012/06/12 03:29:53.060161, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-3] [2012/06/12 03:29:53.060319, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-4] [2012/06/12 03:29:53.060443, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-6] [2012/06/12 03:29:53.060545, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-10] [2012/06/12 03:29:53.060662, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2012/06/12 03:29:53.060805, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2012/06/12 03:29:53.060907, 4] 
lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2012/06/12 03:29:53.061087, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2012/06/12 03:29:53.061342, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.061441, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.061542, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.061639, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.061735, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.061884, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.061981, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2012/06/12 03:29:53.062078, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2012/06/12 03:29:53.062177, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.062319, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.062414, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.062509, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.062603, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.062769, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.062865, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2012/06/12 03:29:53.062961, 
10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2012/06/12 03:29:53.063057, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.063162, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.063312, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.063408, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.063502, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.063650, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.063746, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-11 [2012/06/12 03:29:53.063842, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-11 [2012/06/12 03:29:53.063940, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2012/06/12 03:29:53.064036, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2012/06/12 03:29:53.064132, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-11 to gid, ignoring it [2012/06/12 03:29:53.064260, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (11): SID[ 0]: S-1-22-1-0 SID[ 1]: S-1-22-2-0 SID[ 2]: S-1-22-2-1 SID[ 3]: S-1-22-2-2 SID[ 4]: S-1-22-2-3 SID[ 5]: S-1-22-2-4 SID[ 6]: S-1-22-2-6 SID[ 7]: S-1-22-2-10 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 Privileges (0x 0): Rights (0x 0): [2012/06/12 03:29:53.064964, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 7 supplementary groups Group[ 0]: 0 Group[ 1]: 1 Group[ 2]: 2 Group[ 3]: 3 Group[ 4]: 4 Group[ 5]: 6 Group[ 
6]: 10 [2012/06/12 03:29:53.065455, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user AmiGO [2012/06/12 03:29:53.065553, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is amigo [2012/06/12 03:29:53.065710, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is AmiGO [2012/06/12 03:29:53.065867, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [AmiGO]! [2012/06/12 03:29:53.066061, 4] auth/user_util.c:361(map_username) Scanning username map /etc/samba/smbusers [2012/06/12 03:29:53.066273, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user LSS\amigo in list [2012/06/12 03:29:53.066382, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |LSS\amigo| against |administrator| [2012/06/12 03:29:53.066479, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |LSS\amigo| against |admin| [2012/06/12 03:29:53.066597, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user LSS\amigo in list [2012/06/12 03:29:53.066693, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |LSS\amigo| against |guest| [2012/06/12 03:29:53.066788, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |LSS\amigo| against |pcguest| [2012/06/12 03:29:53.066883, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |LSS\amigo| against |smbguest| [2012/06/12 03:29:53.067014, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user LSS\amigo [2012/06/12 03:29:53.067110, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is lss\amigo [2012/06/12 03:29:53.067271, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is LSS\amigo [2012/06/12 03:29:53.067436, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is LSS\AMIGO [2012/06/12 03:29:53.067585, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 
uppercase letters in lss\amigo [2012/06/12 03:29:53.067681, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [LSS\amigo]! [2012/06/12 03:29:53.067777, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user amigo [2012/06/12 03:29:53.067871, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is amigo [2012/06/12 03:29:53.068021, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is AMIGO [2012/06/12 03:29:53.068171, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in amigo [2012/06/12 03:29:53.068311, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [amigo]! [2012/06/12 03:29:53.068434, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user amigo [2012/06/12 03:29:53.068529, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is amigo [2012/06/12 03:29:53.068679, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is AMIGO [2012/06/12 03:29:53.068829, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in amigo [2012/06/12 03:29:53.068925, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [amigo]! [2012/06/12 03:29:53.069020, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user LSS\amigo via getpwnam(), denying access. [2012/06/12 03:29:53.069273, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) Initialise the svcctl registry keys if needed. 
[2012/06/12 03:29:53.069401, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.069497, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:53.069592, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:53.069687, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:53.069782, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:53.069973, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:53.070073, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/06/12 03:29:53.071063, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/06/12 03:29:53.071286, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/06/12 03:29:53.071392, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/06/12 03:29:53.071525, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/06/12 03:29:53.071823, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/12 03:29:53.072741, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/06/12 03:29:53.072889, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/06/12 03:29:53.073060, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/06/12 03:29:53.073275, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/06/12 03:29:53.073431, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.073590, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM] [2012/06/12 03:29:53.073916, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.074391, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 result : WERR_OK [2012/06/12 03:29:53.075581, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2012/06/12 03:29:53.075745, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/12 03:29:53.077924, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.078164, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.078357, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/06/12 03:29:53.078483, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.078605, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.078728, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.078846, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.079043, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.079174, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.079354, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.079477, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.079594, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.079717, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.079843, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.079969, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 03:29:53.080091, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.080250, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname 
[\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.080378, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.080510, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.080636, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.080792, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.080911, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.081120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 result : WERR_OK [2012/06/12 03:29:53.081662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/06/12 03:29:53.082436, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.082656, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.082764, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.082910, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.083099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.085638, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/12 03:29:53.087634, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.087932, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.088096, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.089561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/12 03:29:53.091423, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.091693, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.091962, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.093496, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/12 03:29:53.096106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.096363, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.096593, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.098164, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/12 03:29:53.099489, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.099646, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.099789, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.101539, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/12 03:29:53.102584, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.102758, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.102870, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.103789, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/12 03:29:53.104851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.105008, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.105121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.105985, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/12 03:29:53.107115, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.107316, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.107448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.108370, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/12 03:29:53.109930, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.110099, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' [2012/06/12 03:29:53.110198, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.110317, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.110430, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.110526, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.110622, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.110717, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.110821, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.110931, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.111030, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.111127, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.111266, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.111376, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.111482, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.111579, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 03:29:53.111676, 10] registry/reg_backend_db.c:583(regdb_open) 
regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.111778, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.111875, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.111972, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.112068, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.112181, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.112300, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2012/06/12 03:29:53.112399, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.112499, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/12 03:29:53.112595, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/12 03:29:53.112693, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.112788, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/12 03:29:53.112913, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.113010, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.113165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.113795, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.114734, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.114889, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] [2012/06/12 03:29:53.114986, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.115089, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/12 03:29:53.115194, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/12 03:29:53.115338, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/12 03:29:53.115436, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/12 03:29:53.115533, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/12 03:29:53.115630, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 28 [2012/06/12 03:29:53.115728, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 58 [2012/06/12 03:29:53.115825, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 106 [2012/06/12 03:29:53.115921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.116133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 
0x00000004 (4) [2012/06/12 03:29:53.117046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.117252, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] [2012/06/12 03:29:53.117355, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.117549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.119087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.119819, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] [2012/06/12 03:29:53.119967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.120371, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/12 03:29:53.122517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.122701, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] [2012/06/12 03:29:53.122822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.123081, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) [2012/06/12 03:29:53.125477, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.125646, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] [2012/06/12 03:29:53.125751, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.126004, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/06/12 03:29:53.129877, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.130038, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] [2012/06/12 03:29:53.130136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.130400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) 
[74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) [2012/06/12 03:29:53.137028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.137198, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] [2012/06/12 03:29:53.137299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.137517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.137841, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.137997, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.138153, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.138291, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.138389, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.138778, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/12 03:29:53.140360, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.140518, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' [2012/06/12 03:29:53.140618, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.140716, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.140815, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.140911, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.141010, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.141105, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.141253, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.141357, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.141456, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.141565, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.141699, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.141795, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.141903, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.142003, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 03:29:53.142099, 10] 
registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.142254, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.142357, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.142455, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.142550, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.142664, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.142764, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2012/06/12 03:29:53.142861, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.142972, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/12 03:29:53.143068, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/12 03:29:53.143165, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.143297, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/12 03:29:53.143417, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.143515, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/12 03:29:53.143611, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.143710, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/12 03:29:53.143807, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/12 03:29:53.143904, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.144000, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/12 03:29:53.144104, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/12 03:29:53.144202, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.144328, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.144488, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.145029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) 
[77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/06/12 03:29:53.152215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.152419, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] [2012/06/12 03:29:53.152518, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.152616, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/12 03:29:53.152722, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/12 03:29:53.152833, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.153028, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle 
handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.153383, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.153540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.153695, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.153791, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.153888, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.154254, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/12 03:29:53.155834, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 
00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.155990, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' [2012/06/12 03:29:53.156089, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.156198, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.156316, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.156413, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.156510, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.156613, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.156724, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.156822, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.156921, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.157017, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.157127, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.157244, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.157357, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.157456, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 
03:29:53.157553, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.157652, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.157747, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.157843, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.157939, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.158051, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.158152, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2012/06/12 03:29:53.158253, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.158358, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/12 03:29:53.158454, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/12 03:29:53.158564, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.158660, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/12 03:29:53.158799, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.158897, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.159083, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.159599, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.160560, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.160717, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] [2012/06/12 03:29:53.160824, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.160926, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/12 03:29:53.161032, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/12 03:29:53.161131, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/12 03:29:53.161253, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/12 03:29:53.161369, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/12 03:29:53.161467, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/12 03:29:53.161565, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 58 [2012/06/12 03:29:53.161664, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 164 [2012/06/12 03:29:53.161762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.161990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 
0x00000004 (4) [2012/06/12 03:29:53.162920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.163076, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] [2012/06/12 03:29:53.163174, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.163395, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.164365, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.164522, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] [2012/06/12 03:29:53.164620, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.164834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/12 03:29:53.166797, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.166953, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] [2012/06/12 03:29:53.167051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.168058, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) [2012/06/12 03:29:53.169702, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.169871, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] [2012/06/12 03:29:53.169969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.170165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/06/12 03:29:53.173648, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.173821, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] [2012/06/12 03:29:53.173920, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.174116, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) 
[74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) [2012/06/12 03:29:53.182709, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.182894, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] [2012/06/12 03:29:53.182992, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.183244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.183588, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.183744, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.183900, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.183996, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.184093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.184505, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/12 03:29:53.186073, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.186244, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' [2012/06/12 03:29:53.186349, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.186446, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.186544, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.186640, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.186749, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.186845, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.186951, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.187049, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.187148, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.187245, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.187347, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.187442, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.187549, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.187647, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 03:29:53.187756, 10] 
registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.187854, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.187949, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.188044, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.188138, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.188269, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.188374, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2012/06/12 03:29:53.188471, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.188570, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/12 03:29:53.188666, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/12 03:29:53.188763, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.188858, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/12 03:29:53.188967, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.189066, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/12 03:29:53.189178, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.190085, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/12 03:29:53.190182, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/12 03:29:53.190299, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.190395, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/12 03:29:53.190500, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/12 03:29:53.190598, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.190696, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.190866, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.191365, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) 
[77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/06/12 03:29:53.197832, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.197991, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] [2012/06/12 03:29:53.198103, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.198201, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/12 03:29:53.198309, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/12 03:29:53.198406, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.198601, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct 
policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.198920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.199089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.199252, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.199354, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.199449, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.199838, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/12 03:29:53.201434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 
00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.201591, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' [2012/06/12 03:29:53.201690, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.201787, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.201886, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.201995, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.202092, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.202187, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.202307, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.202418, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.202517, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.202613, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.202711, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.202806, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.202926, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.203030, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name 
= [Services] [2012/06/12 03:29:53.203127, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.203253, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.203355, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.203453, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.203548, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.203681, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.203781, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2012/06/12 03:29:53.203879, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.203978, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/12 03:29:53.204074, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/12 03:29:53.204171, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.204326, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/12 03:29:53.204434, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.204533, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.204688, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.205165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.206098, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.206245, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] [2012/06/12 03:29:53.206354, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.206451, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/12 03:29:53.206557, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/12 03:29:53.206655, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/12 03:29:53.206773, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/12 03:29:53.206871, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/12 03:29:53.206969, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 48 [2012/06/12 03:29:53.207067, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 58 [2012/06/12 03:29:53.207166, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 126 [2012/06/12 03:29:53.207314, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.207511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 
(0) size : 0x00000004 (4) [2012/06/12 03:29:53.208448, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.208639, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] [2012/06/12 03:29:53.208779, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.208976, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.209918, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.210074, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] [2012/06/12 03:29:53.210193, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.211190, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/12 03:29:53.213121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.213304, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] [2012/06/12 03:29:53.213404, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.213602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) [2012/06/12 03:29:53.216669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.216827, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] [2012/06/12 03:29:53.216926, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.217155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/06/12 03:29:53.220586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.220744, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] [2012/06/12 03:29:53.220842, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.221057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 
0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) [2012/06/12 03:29:53.227749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.227911, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] [2012/06/12 03:29:53.228012, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.228281, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.228714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.228870, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.229025, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.229122, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.230055, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.230471, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/12 03:29:53.232069, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.232269, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' [2012/06/12 03:29:53.232374, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.232470, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.232568, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.232662, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.232758, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.232868, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.232976, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.233074, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.233172, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.233297, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.233397, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.233492, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.233600, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.233698, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 03:29:53.233811, 10] 
registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.233909, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.234006, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.234102, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.234198, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.234315, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.234415, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2012/06/12 03:29:53.234517, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.234617, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/12 03:29:53.234726, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/12 03:29:53.234823, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.234918, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/12 03:29:53.235025, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.235122, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/12 03:29:53.235253, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.235358, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/12 03:29:53.235455, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/12 03:29:53.235552, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.235659, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/12 03:29:53.235768, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/12 03:29:53.235867, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.235964, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.236120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.236657, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) 
[77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/06/12 03:29:53.243063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.243244, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] [2012/06/12 03:29:53.243348, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.243445, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/12 03:29:53.243552, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/12 03:29:53.243650, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.243842, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: 
struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.244173, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.244363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.244519, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.244615, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.244712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.245124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/12 03:29:53.246704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 
00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.246863, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' [2012/06/12 03:29:53.246961, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.247058, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.247156, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.247246, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.247349, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.247472, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.247578, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.247676, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.247795, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.247891, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.247988, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.248084, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.248191, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.248339, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] 
[2012/06/12 03:29:53.248436, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.248534, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.248630, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.248728, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.248823, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.248957, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.249076, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2012/06/12 03:29:53.249173, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.249301, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/12 03:29:53.249397, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/12 03:29:53.249494, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.249589, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/12 03:29:53.249701, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.249800, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.249955, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.250442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.252138, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.252323, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] [2012/06/12 03:29:53.252421, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.252518, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/12 03:29:53.252623, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/12 03:29:53.252721, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/12 03:29:53.252819, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/12 03:29:53.252916, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/12 03:29:53.253013, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 74 [2012/06/12 03:29:53.253112, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 58 [2012/06/12 03:29:53.253244, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 178 [2012/06/12 03:29:53.253360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.253556, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) 
[2012/06/12 03:29:53.254475, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.254631, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] [2012/06/12 03:29:53.254856, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.255060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/12 03:29:53.255980, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.256278, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] [2012/06/12 03:29:53.256381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.256576, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/12 03:29:53.258435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.258590, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] [2012/06/12 03:29:53.258699, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.258899, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 
0x0000004a (74) [2012/06/12 03:29:53.263163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.263345, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] [2012/06/12 03:29:53.263456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.263654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/06/12 03:29:53.267065, 4] 
rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.267354, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] [2012/06/12 03:29:53.267453, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.267651, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 
(0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) 
size : 0x000000b2 (178) [2012/06/12 03:29:53.277660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.277817, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] [2012/06/12 03:29:53.277914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.278120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.278474, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.278635, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.278795, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.278892, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.278988, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.279400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/12 03:29:53.280948, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.281106, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' [2012/06/12 03:29:53.281204, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.281297, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.281412, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.281506, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.281602, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.281695, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.281801, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.281910, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.282008, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.282128, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.282244, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.282357, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.282468, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.282566, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 03:29:53.282663, 10] registry/reg_backend_db.c:583(regdb_open) 
regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.282761, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.282870, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.282966, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.283061, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.283173, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.283299, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2012/06/12 03:29:53.283397, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.283495, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/12 03:29:53.283591, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/12 03:29:53.283687, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.283791, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/12 03:29:53.283900, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.283998, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/12 03:29:53.284094, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/12 03:29:53.284193, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname 
[\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/12 03:29:53.284320, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/12 03:29:53.284417, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.284512, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/12 03:29:53.284615, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/12 03:29:53.284713, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/12 03:29:53.284810, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.284966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-d64f-717fcd250000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/12 03:29:53.285476, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-d64f-717fcd250000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 
(0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/06/12 03:29:53.292879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.293042, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] [2012/06/12 03:29:53.293139, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.293301, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/12 03:29:53.293408, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/12 03:29:53.293506, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/12 03:29:53.293713, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.294034, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.294196, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.294345, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.294440, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.294535, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.294907, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.295259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.295421, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.295576, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.295681, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/06/12 03:29:53.295778, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.296191, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/06/12 03:29:53.296439, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. 
[2012/06/12 03:29:53.296545, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/06/12 03:29:53.296646, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg [2012/06/12 03:29:53.296749, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/06/12 03:29:53.296852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/12 03:29:53.297473, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/06/12 03:29:53.297584, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/06/12 03:29:53.297682, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/06/12 03:29:53.297778, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/06/12 03:29:53.297874, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.297968, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM] [2012/06/12 03:29:53.298090, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.298253, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-d64f-717fcd250000 result : WERR_OK [2012/06/12 03:29:53.298644, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-d64f-717fcd250000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/12 03:29:53.299830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.299987, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/12 03:29:53.300084, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/06/12 03:29:53.300182, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/12 03:29:53.300314, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/12 03:29:53.300412, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.300603, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM] [2012/06/12 03:29:53.300711, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/12 03:29:53.300809, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.300975, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.301069, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.301164, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.301297, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/12 03:29:53.301407, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.301504, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/12 03:29:53.301600, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.301698, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname 
[\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.301794, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.301902, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.301998, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/12 03:29:53.302112, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.302244, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Eventlog] [2012/06/12 03:29:53.302346, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/12 03:29:53.302450, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/12 03:29:53.302546, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/12 03:29:53.302642, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/12 03:29:53.302737, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7ffa8896c300 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/12 03:29:53.302844, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/12 03:29:53.302958, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. 
[2012/06/12 03:29:53.303119, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-d64f-717fcd250000 result : WERR_OK [2012/06/12 03:29:53.303531, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-d64f-717fcd250000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/06/12 03:29:53.304086, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.304269, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7ffa8896c300) [2012/06/12 03:29:53.304384, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/12 03:29:53.304490, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/12 03:29:53.304587, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/12 03:29:53.304684, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/12 03:29:53.304804, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 
(0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/12 03:29:53.305921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-d64f-717fcd250000 [2012/06/12 03:29:53.306310, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.306468, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 D6 4F 71 7F ........ .....Oq. [0010] CD 25 00 00 .%.. [2012/06/12 03:29:53.306623, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/12 03:29:53.306743, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/06/12 03:29:53.306840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/12 03:29:53.308157, 3] printing/pcap.c:138(pcap_cache_reload) reloading printcap cache [2012/06/12 03:29:53.308381, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2012/06/12 03:29:53.308503, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7ffa896c3d70 [2012/06/12 03:29:53.308823, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2012/06/12 03:29:53.308956, 5] printing/print_cups.c:408(cups_pcap_load_async) 
cups_pcap_load_async: asynchronously loading cups printers [2012/06/12 03:29:53.310951, 10] printing/print_cups.c:425(cups_pcap_load_async) cups_pcap_load_async: child pid = 9678 [2012/06/12 03:29:53.312070, 10] printing/print_cups.c:545(cups_cache_reload) cups_cache_reload: async read on fd 26 [2012/06/12 03:29:53.312937, 3] printing/pcap.c:189(pcap_cache_reload) reload status: ok [2012/06/12 03:29:53.313278, 3] printing/printing.c:1644(start_background_queue) start_background_queue: Starting background LPQ thread [2012/06/12 03:29:53.316323, 5] printing/print_cups.c:277(cups_cache_reload_async) reloading cups printcap cache [2012/06/12 03:29:53.317402, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2012/06/12 03:29:53.317831, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 65536 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.319580, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 2097152 SO_RCVBUF = 2097152 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.320585, 10] printing/print_cups.c:89(cups_connect) connecting to cups server localhost:631 [2012/06/12 03:29:53.320669, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2012/06/12 03:29:53.320802, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 65536 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 
1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.321803, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 2097152 SO_RCVBUF = 2097152 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.324127, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2012/06/12 03:29:53.324370, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 65536 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.325433, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 [2012/06/12 03:29:53.324049, 5] printing/printing.c:1667(start_background_queue) TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 start_background_queue: background LPQ thread started TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 2097152 SO_RCVBUF = 2097152 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.326690, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2012/06/12 03:29:53.326854, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 65536 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.328352, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 
SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 [2012/06/12 03:29:53.328804, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) IPTOS_LOWDELAY = 16 Locking key CF250000FFFFFFFF IPTOS_THROUGHPUT = 16 SO_SNDBUF = 2097152 SO_RCVBUF = 2097152 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:53.329719, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key CD250000FFFFFFFF [2012/06/12 03:29:53.330085, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7ffa896bc6b0 [2012/06/12 03:29:53.330333, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key CD250000FFFFFFFF [2012/06/12 03:29:53.330530, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(parent_housekeeping) 0x7ffa896bc830 [2012/06/12 03:29:53.330756, 5] lib/messages.c:300(messaging_register) Overriding messaging pointer for type 1 - private_data=(nil) [2012/06/12 03:29:53.331536, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/06/12 03:29:53.331665, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/06/12 03:29:53.331976, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/06/12 03:29:53.332204, 2] smbd/server.c:839(smbd_parent_loop) waiting for connections [2012/06/12 03:29:53.332585, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7ffa896beb10 [2012/06/12 03:29:53.332775, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key CF250000FFFFFFFF [2012/06/12 03:29:53.332955, 5] printing/printing.c:1703(start_background_queue) start_background_queue: background LPQ thread waiting for messages [2012/06/12 03:29:53.336108, 0] printing/print_cups.c:110(cups_connect) Unable to connect to CUPS server localhost:631 - В соединении отказано [2012/06/12 03:29:53.337097, 5] printing/print_cups.c:471(cups_async_callback) 
cups_async_callback: callback received for printer data. fd = 26 [2012/06/12 03:29:53.337390, 10] printing/print_cups.c:130(send_pcap_blob) successfully sent blob of len 12 [2012/06/12 03:29:53.337444, 10] printing/print_cups.c:155(recv_pcap_blob) successfully recvd blob of len 12 [2012/06/12 03:29:53.337568, 0] printing/print_cups.c:487(cups_async_callback) failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL [2012/06/12 03:29:53.341308, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key CE250000FFFFFFFF [2012/06/12 03:29:53.341439, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7ffa896bd260 [2012/06/12 03:29:53.341542, 1] lib/serverid.c:197(serverid_deregister) Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND [2012/06/12 03:29:53.341667, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key CE250000FFFFFFFF [2012/06/12 03:29:53.341768, 1] smbd/server.c:309(remove_child_pid) Could not remove pid 9678 from serverid.tdb [2012/06/12 03:29:53.341874, 1] smbd/server.c:323(remove_child_pid) Could not find child 9678 -- ignoring [2012/06/12 03:29:56.059081, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key D2250000FFFFFFFF [2012/06/12 03:29:56.060263, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7ffa896a9250 [2012/06/12 03:29:56.060563, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key D2250000FFFFFFFF [2012/06/12 03:29:56.060947, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 2097152 SO_RCVBUF = 2097152 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:56.062026, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 
IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 2097152 SO_RCVBUF = 2097152 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/12 03:29:56.063244, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 [2012/06/12 03:29:56.063635, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.54.2 (192.168.54.2) [2012/06/12 03:29:56.063753, 10] smbd/process.c:3019(smbd_process) Connection allowed from ipv4:192.168.54.2:50353 to ipv4:192.168.54.2:445 [2012/06/12 03:29:56.064063, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2012/06/12 03:29:56.064322, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2012/06/12 03:29:56.064425, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2012/06/12 03:29:56.064581, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0x7ffa896b83a0 [2012/06/12 03:29:56.064685, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0x7ffa896b7d70 [2012/06/12 03:29:56.064821, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x7ffa896b77a0 [2012/06/12 03:29:56.065179, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 190 [2012/06/12 03:29:56.065418, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbe [2012/06/12 03:29:56.065518, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 194 (0 toread) [2012/06/12 03:29:56.065617, 5] lib/util.c:332(show_msg) [2012/06/12 03:29:56.065671, 5] lib/util.c:342(show_msg) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=9681 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2012/06/12 03:29:56.066341, 10] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 
4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2012/06/12 03:29:56.067040, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 9682) conn 0x0 [2012/06/12 03:29:56.067173, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:56.067889, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:56.068034, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:56.068259, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/12 03:29:56.071222, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2012/06/12 03:29:56.071769, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2012/06/12 03:29:56.071943, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2012/06/12 03:29:56.072073, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2012/06/12 03:29:56.072199, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2012/06/12 03:29:56.072289, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [DOS LANMAN2.1] [2012/06/12 03:29:56.072394, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] 
[2012/06/12 03:29:56.072492, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Samba] [2012/06/12 03:29:56.072603, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LANMAN 1.0] [2012/06/12 03:29:56.072702, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2012/06/12 03:29:56.072818, 10] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Samba' [2012/06/12 03:29:56.072922, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 [2012/06/12 03:29:56.073139, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key D2250000FFFFFFFF [2012/06/12 03:29:56.073255, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7ffa896c5460 [2012/06/12 03:29:56.073361, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key D2250000FFFFFFFF [2012/06/12 03:29:56.073475, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 [2012/06/12 03:29:56.073876, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2012/06/12 03:29:56.073977, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LANMAN 1.0 [2012/06/12 03:29:56.074090, 5] smbd/negprot.c:711(reply_negprot) negprot index=8 [2012/06/12 03:29:56.074187, 5] lib/util.c:332(show_msg) [2012/06/12 03:29:56.074252, 5] lib/util.c:342(show_msg) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=9681 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]=65280 (0xFF00) smb_vwv[ 4]= 255 (0xFF) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=53760 (0xD200) smb_vwv[ 8]= 37 (0x25) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=27776 (0x6C80) smb_vwv[12]= 6000 (0x1770) smb_vwv[13]=10780 (0x2A1C) smb_vwv[14]=52552 (0xCD48) smb_vwv[15]= 4097 
(0x1001) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2012/06/12 03:29:56.075687, 10] ../lib/util/util.c:415(dump_data) [0000] 6C 73 73 00 00 00 00 00 00 00 00 00 00 00 00 00 lss..... ........ [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2012/06/12 03:29:56.076359, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 156 [2012/06/12 03:29:56.076480, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9c [2012/06/12 03:29:56.076577, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 160 (0 toread) [2012/06/12 03:29:56.076673, 5] lib/util.c:332(show_msg) [2012/06/12 03:29:56.076725, 5] lib/util.c:342(show_msg) size=156 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=9681 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=97 [2012/06/12 03:29:56.077981, 10] ../lib/util/util.c:415(dump_data) [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .(NTLMSS P....... [0030] 08 60 05 00 05 00 20 00 00 00 03 00 03 00 25 00 .`.... . ......%. [0040] 00 00 4C 4E 45 54 57 4C 53 53 00 55 00 6E 00 69 ..LNETWL SS.U.n.i [0050] 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 00 00 .x...S.a .m.b.a.. [0060] 00 . 
[2012/06/12 03:29:56.078926, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 9682) conn 0x0 [2012/06/12 03:29:56.079041, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:56.079153, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:56.079260, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:56.079419, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/12 03:29:56.079546, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc801 [2012/06/12 03:29:56.079658, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/06/12 03:29:56.079786, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2012/06/12 03:29:56.079900, 10] smbd/password.c:199(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2012/06/12 03:29:56.080106, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 [2012/06/12 03:29:56.080203, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40 [2012/06/12 03:29:56.089411, 5] auth/auth.c:495(make_auth_context_subsystem) Making default auth method list for standalone security=user, encrypt passwords = yes [2012/06/12 03:29:56.089638, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam [2012/06/12 03:29:56.089756, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam' [2012/06/12 03:29:56.089852, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2012/06/12 03:29:56.089949, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2012/06/12 03:29:56.090070, 5] 
auth/auth.c:48(smb_register_auth) Attempting to register auth backend unix [2012/06/12 03:29:56.090252, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'unix' [2012/06/12 03:29:56.090355, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend winbind [2012/06/12 03:29:56.090451, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'winbind' [2012/06/12 03:29:56.090546, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend wbc [2012/06/12 03:29:56.091105, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'wbc' [2012/06/12 03:29:56.091260, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend smbserver [2012/06/12 03:29:56.091364, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'smbserver' [2012/06/12 03:29:56.091478, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend trustdomain [2012/06/12 03:29:56.091578, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'trustdomain' [2012/06/12 03:29:56.091674, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend ntdomain [2012/06/12 03:29:56.091772, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'ntdomain' [2012/06/12 03:29:56.091868, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend guest [2012/06/12 03:29:56.091966, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'guest' [2012/06/12 03:29:56.092072, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2012/06/12 03:29:56.092174, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method guest has a valid init [2012/06/12 03:29:56.092298, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2012/06/12 03:29:56.092397, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method sam has a valid init [2012/06/12 
03:29:56.092607, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2012/06/12 03:29:56.093253, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0005 (5) DomainNameMaxLen : 0x0005 (5) DomainName : * DomainName : 'LNETW' WorkstationLen : 0x0003 (3) WorkstationMaxLen : 0x0003 (3) Workstation : * Workstation : 'LSS' [2012/06/12 03:29:56.095187, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2012/06/12 03:29:56.095300, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2012/06/12 03:29:56.095425, 5] auth/auth.c:134(get_ntlm_challenge) auth_context challenge created by random [2012/06/12 03:29:56.095528, 5] auth/auth.c:135(get_ntlm_challenge) challenge is: [2012/06/12 03:29:56.095626, 5] 
../lib/util/util.c:415(dump_data) [0000] C6 41 F1 C8 3B 48 2B 76 .A..;H+v [2012/06/12 03:29:56.095765, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0006 (6) TargetNameMaxLen : 0x0006 (6) TargetName : * TargetName : 'LSS' NegotiateFlags : 0x608a8215 (1619690005) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 1: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : c641f1c83b482b76 Reserved : 0000000000000000 TargetInfoLen : 0x0048 (72) TargetNameInfoMaxLen : 0x0048 (72) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'LSS' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'LSS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'lnetw.ru' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0018 (24) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'lss.lnetw.ru' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 
0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) [2012/06/12 03:29:56.099043, 5] lib/util.c:332(show_msg) [2012/06/12 03:29:56.099105, 5] lib/util.c:342(show_msg) size=262 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=9681 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 156 (0x9C) smb_bcc=219 [2012/06/12 03:29:56.099908, 10] ../lib/util/util.c:415(dump_data) [0000] A1 81 99 30 81 96 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 80 04 7E 4E 54 .....7.. .....~NT [0020] 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 30 00 LMSSP... ......0. [0030] 00 00 15 82 8A 60 C6 41 F1 C8 3B 48 2B 76 00 00 .....`.A ..;H+v.. [0040] 00 00 00 00 00 00 48 00 48 00 36 00 00 00 4C 00 ......H. H.6...L. [0050] 53 00 53 00 02 00 06 00 4C 00 53 00 53 00 01 00 S.S..... L.S.S... [0060] 06 00 4C 00 53 00 53 00 04 00 10 00 6C 00 6E 00 ..L.S.S. ....l.n. [0070] 65 00 74 00 77 00 2E 00 72 00 75 00 03 00 18 00 e.t.w... r.u..... [0080] 6C 00 73 00 73 00 2E 00 6C 00 6E 00 65 00 74 00 l.s.s... l.n.e.t. [0090] 77 00 2E 00 72 00 75 00 00 00 00 00 00 55 00 6E w...r.u. .....U.n [00A0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [00B0] 00 20 00 33 00 2E 00 36 00 2E 00 35 00 2D 00 38 . .3...6 ...5.-.8 [00C0] 00 35 00 2E 00 66 00 63 00 31 00 36 00 00 00 4C .5...f.c .1.6...L [00D0] 00 4E 00 45 00 54 00 57 00 00 00 .N.E.T.W ... 
[2012/06/12 03:29:56.102205, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 340 [2012/06/12 03:29:56.102396, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x154 [2012/06/12 03:29:56.102514, 3] smbd/process.c:1662(process_smb) Transaction 2 of length 344 (0 toread) [2012/06/12 03:29:56.102614, 5] lib/util.c:332(show_msg) [2012/06/12 03:29:56.102668, 5] lib/util.c:342(show_msg) size=340 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=9681 smb_uid=100 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 258 (0x102) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=281 [2012/06/12 03:29:56.103836, 10] ../lib/util/util.c:415(dump_data) [0000] A1 81 FF 30 81 FC A2 81 F9 04 81 F6 4E 54 4C 4D ...0.... ....NTLM [0010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... [0020] 74 00 74 00 58 00 00 00 0A 00 0A 00 CC 00 00 00 t.t.X... ........ [0030] 0A 00 0A 00 D6 00 00 00 06 00 06 00 E0 00 00 00 ........ ........ [0040] 10 00 10 00 E6 00 00 00 15 82 08 60 0E C1 8B 5F ........ ...`..._ [0050] 36 96 49 70 68 5F 87 DC 67 68 E6 9C AC 38 7A BB 6.Iph_.. gh...8z. [0060] C2 73 E0 7F 67 09 63 E8 73 14 04 6D DE 6E B1 7A .s..g.c. s..m.n.z [0070] 90 C9 AA 37 01 01 00 00 00 00 00 00 00 32 0C 1C ...7.... .....2.. [0080] 2A 48 CD 01 A7 14 75 FB 52 19 B1 E1 00 00 00 00 *H....u. R....... [0090] 02 00 06 00 4C 00 53 00 53 00 01 00 06 00 4C 00 ....L.S. S.....L. [00A0] 53 00 53 00 04 00 10 00 6C 00 6E 00 65 00 74 00 S.S..... l.n.e.t. [00B0] 77 00 2E 00 72 00 75 00 03 00 18 00 6C 00 73 00 w...r.u. ....l.s. [00C0] 73 00 2E 00 6C 00 6E 00 65 00 74 00 77 00 2E 00 s...l.n. e.t.w... [00D0] 72 00 75 00 00 00 00 00 4C 00 4E 00 45 00 54 00 r.u..... L.N.E.T. 
[00E0] 57 00 41 00 6D 00 69 00 47 00 4F 00 4C 00 53 00 W.A.m.i. G.O.L.S. [00F0] 53 00 2E 97 7D 5E 44 62 F5 85 CD 8F 65 89 DF 74 S...}^Db ....e..t [0100] 21 14 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 !..U.n.i .x...S.a [0110] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . [2012/06/12 03:29:56.104887, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 9682) conn 0x0 [2012/06/12 03:29:56.104990, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:56.105088, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:56.105186, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:56.105354, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/12 03:29:56.105455, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc801 [2012/06/12 03:29:56.105554, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/06/12 03:29:56.105654, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2012/06/12 03:29:56.105852, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 0ec18b5f36964970685f87dc6768e69cac387abbc273e07f NtChallengeResponseLen : 0x0074 (116) NtChallengeResponseMaxLen: 0x0074 (116) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 116) v2: struct NTLMv2_RESPONSE Response : 670963e87314046dde6eb17a90c9aa37 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) 
TimeStamp : Вт. июня 12 03:29:56 2012 MSK ChallengeFromClient : a71475fb5219b1e1 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'LSS' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'LSS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'lnetw.ru' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0018 (24) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'lss.lnetw.ru' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x000a (10) DomainNameMaxLen : 0x000a (10) DomainName : * DomainName : 'LNETW' UserNameLen : 0x000a (10) UserNameMaxLen : 0x000a (10) UserName : * UserName : 'AmiGO' WorkstationLen : 0x0006 (6) WorkstationMaxLen : 0x0006 (6) Workstation : * Workstation : 'LSS' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 2E 97 7D 5E 44 62 F5 85 CD 8F 65 89 DF 74 21 14 ..}^Db.. ..e..t!. 
NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 [2012/06/12 03:29:56.110478, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) Got user=[AmiGO] domain=[LNETW] workstation=[LSS] len1=24 len2=116 [2012/06/12 03:29:56.110610, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jun 12 03:25:04 2012 [2012/06/12 03:29:56.110875, 4] auth/user_util.c:361(map_username) Scanning username map /etc/samba/smbusers [2012/06/12 03:29:56.111044, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user AmiGO in list [2012/06/12 03:29:56.111143, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |AmiGO| against |administrator| [2012/06/12 03:29:56.111282, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |AmiGO| against |admin| [2012/06/12 03:29:56.111436, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user AmiGO in list [2012/06/12 03:29:56.111533, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |AmiGO| against |guest| [2012/06/12 03:29:56.111629, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |AmiGO| against 
|pcguest| [2012/06/12 03:29:56.111725, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |AmiGO| against |smbguest| [2012/06/12 03:29:56.111876, 5] auth/auth_util.c:110(make_user_info_map) Mapping user [LNETW]\[AmiGO] from workstation [LSS] [2012/06/12 03:29:56.112007, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [LNETW] to [LSS] for user [AmiGO] from workstation [LSS] [2012/06/12 03:29:56.112120, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for AmiGO (AmiGO) [2012/06/12 03:29:56.112252, 5] auth/user_info.c:70(make_user_info) making strings for AmiGO's user_info struct [2012/06/12 03:29:56.112369, 5] auth/user_info.c:87(make_user_info) making blobs for AmiGO's user_info struct [2012/06/12 03:29:56.112466, 10] auth/user_info.c:123(make_user_info) made a user_info for AmiGO (AmiGO) [2012/06/12 03:29:56.112563, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [LNETW]\[AmiGO]@[LSS] with the new password interface [2012/06/12 03:29:56.112660, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [LSS]\[AmiGO]@[LSS] [2012/06/12 03:29:56.112757, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/06/12 03:29:56.112866, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2012/06/12 03:29:56.112961, 5] ../lib/util/util.c:415(dump_data) [0000] C6 41 F1 C8 3B 48 2B 76 .A..;H+v [2012/06/12 03:29:56.113067, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [AmiGO] [2012/06/12 03:29:56.113163, 10] auth/auth.c:259(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/06/12 03:29:56.113300, 10] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [AmiGO] [2012/06/12 03:29:56.113397, 8] lib/util.c:1521(is_myname) is_myname("LSS") returns 1 [2012/06/12 03:29:56.113495, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/12 
03:29:56.113608, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/12 03:29:56.113704, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/12 03:29:56.113813, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/12 03:29:56.113908, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/12 03:29:56.114187, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_amigo [2012/06/12 03:29:56.114342, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/12 03:29:56.114455, 3] auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'AmiGO' in passdb. [2012/06/12 03:29:56.114551, 5] auth/auth.c:271(check_ntlm_password) check_ntlm_password: sam authentication for user [AmiGO] FAILED with error NT_STATUS_NO_SUCH_USER [2012/06/12 03:29:56.114674, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [AmiGO] -> [AmiGO] FAILED with error NT_STATUS_NO_SUCH_USER [2012/06/12 03:29:56.114787, 3] smbd/sesssetup.c:63(do_map_to_guest) No such user AmiGO [LNETW] - using guest account [2012/06/12 03:29:56.114930, 0] lib/fault.c:47(fault_report) =============================================================== [2012/06/12 03:29:56.115132, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 9682 (3.6.5-85.fc16) Please read the Trouble-Shooting section of the Samba3-HOWTO [2012/06/12 03:29:56.115381, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2012/06/12 03:29:56.115544, 0] lib/fault.c:51(fault_report) =============================================================== [2012/06/12 03:29:56.115657, 0] lib/util.c:1117(smb_panic) PANIC (pid 9682): internal error [2012/06/12 03:29:56.119905, 0] 
lib/util.c:1221(log_stack_trace) BACKTRACE: 21 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7ffa881f952a] #1 /usr/sbin/smbd(smb_panic+0x25) [0x7ffa881f9605] #2 /usr/sbin/smbd(+0x410898) [0x7ffa881ea898] #3 /lib64/libc.so.6(+0x392d236300) [0x7ffa84939300] #4 /usr/sbin/smbd(copy_serverinfo+0x1a) [0x7ffa8824e2ea] #5 /usr/sbin/smbd(make_server_info_guest+0x10) [0x7ffa8824e4d0] #6 /usr/sbin/smbd(do_map_to_guest+0xcd) [0x7ffa87f1629d] #7 /usr/sbin/smbd(+0x13c584) [0x7ffa87f16584] #8 /usr/sbin/smbd(reply_sesssetup_and_X+0x1ad7) [0x7ffa87f18197] #9 /usr/sbin/smbd(+0x177374) [0x7ffa87f51374] #10 /usr/sbin/smbd(+0x17778b) [0x7ffa87f5178b] #11 /usr/sbin/smbd(+0x177ba3) [0x7ffa87f51ba3] #12 /usr/sbin/smbd(run_events_poll+0x34e) [0x7ffa8820932e] #13 /usr/sbin/smbd(smbd_process+0x83a) [0x7ffa87f5333a] #14 /usr/sbin/smbd(+0x68d2cf) [0x7ffa884672cf] #15 /usr/sbin/smbd(run_events_poll+0x34e) [0x7ffa8820932e] #16 /usr/sbin/smbd(+0x42f4ca) [0x7ffa882094ca] #17 /usr/sbin/smbd(_tevent_loop_once+0x90) [0x7ffa8820a050] #18 /usr/sbin/smbd(main+0xee6) [0x7ffa87ed15d6] #19 /lib64/libc.so.6(__libc_start_main+0xed) [0x7ffa8492469d] #20 /usr/sbin/smbd(+0xf7ab9) [0x7ffa87ed1ab9] [2012/06/12 03:29:56.121811, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/bin/sleep 999999]