Untitled

By: a guest | Mar 18th, 2010 | Syntax: None | Size: 11.34 KB | Hits: 144 | Expires: Never
0: kd> .reboot
Shutdown occurred at (Thu Mar 18 14:36:07.022 2010 (UTC + 2:00))...unloading all symbol tables.
Waiting to reconnect...
Connected to Windows XP 2600 x86 compatible target at (Thu Mar 18 14:36:45.082 2010 (UTC + 2:00)), ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: symsrv*symsrv.dll*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 MP (1 procs) Checked x86 compatible
Built by: 2600.xpsp.080413-2133
Machine Name:
Kernel base = 0x80a02000 PsLoadedModuleList = 0x80b019e8
System Uptime: not available
MM: Loader/HAL memory block indicates large pages cannot be used for 80100000->8012777F


Intel Storage Driver Ver: 8.2.2.1001

driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\navex15.sys has lower case sections (init or pagexxx)
driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\navex15.sys has lower case sections (init or pagexxx)
AFD: Read DefaultSendWindow from the registry, value: 0xfc00 (default: 0x2000))

*** Assertion failed: KeGetCurrentIrql() == PASSIVE_LEVEL
***   Source File: d:\xpsp\base\ntos\mm\sysload.c, line 7480

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Assertion failed: KeGetCurrentIrql() == PASSIVE_LEVEL
***   Source File: d:\xpsp\base\ntos\mm\sysload.c, line 7480

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Assertion failed: KeGetCurrentIrql() == PASSIVE_LEVEL
***   Source File: d:\xpsp\base\ntos\mm\sysload.c, line 7480

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Assertion failed: KeGetCurrentIrql() == PASSIVE_LEVEL
***   Source File: d:\xpsp\base\ntos\mm\sysload.c, line 7480

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Assertion failed: KeGetCurrentIrql() == PASSIVE_LEVEL
***   Source File: d:\xpsp\base\ntos\mm\sysload.c, line 7480

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Assertion failed: KeGetCurrentIrql() == PASSIVE_LEVEL
***   Source File: d:\xpsp\base\ntos\mm\sysload.c, line 7480

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\drivers\dxg.sys, Address 0xbf000000
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxprd32.dll, Address 0xbf012000
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxpgd32.dll, Address 0xbf024000
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxprd32.dll, Address 0xbf012000
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxpdv32.DLL, Address 0xbf04f000
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxpdx32.DLL, Address 0xbf25b000
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\idisw2km.dll, Address 0xbf562000
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\idisw2km.dll, Address 0xbf562000
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
ERROR: DavReadRegistryValues/RegQueryValueExW(4). WStatus = 127
ERROR: DavReadRegistryValues/RegQueryValueExW(5). WStatus = 127
ERROR: DavReadRegistryValues/RegQueryValueExW(6). WStatus = 127
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
0 - KeepSCMHappyOnStart
17 - KeepSCMHappyOnStart
35 - TellSCMGoodToGo
SavRoam: initializing communications
SavRoam: initializing COM
SavRoam: starting Transman

*** Assertion failed: (MemoryDescriptorList->MdlFlags & ( MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL | MDL_PARTIAL_HAS_BEEN_MAPPED)) == 0
***   Source File: d:\xpsp\base\ntos\mm\iosup.c, line 3542

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? b
b
Execute '.cxr BA4FF87C' to dump context
Break instruction exception - code 80000003 (first chance)
nt!DbgBreakPoint:
80ac37e0 cc              int     3
0: kd> kn
 # ChildEBP RetAddr  
00 ba4ff85c 80ac54a2 nt!DbgBreakPoint
01 ba4ffb4c 80ac54e4 nt!RtlAssert2+0x104
02 ba4ffb68 80a50d12 nt!RtlAssert+0x18
03 ba4ffbc4 80a5136e nt!MmMapLockedPagesSpecifyCache+0x72
04 ba4ffbe4 9cafe882 nt!MmMapLockedPages+0x18
05 ba4ffbf4 9caff443 uphcleanhlp!RegmonMapServiceTable+0x72
06 ba4ffc50 9caff812 uphcleanhlp!RealRegFlushKey <PERF> (uphcleanhlp+0x1443)
07 ba4ffc7c 80b3f5d9 uphcleanhlp!DriverEntry+0x13e
08 ba4ffd58 80b3f806 nt!IopLoadDriver+0x6b7
09 ba4ffd80 80ad51a9 nt!IopLoadUnloadDriver+0x78
0a ba4ffdac 80bd81ac nt!ExpWorkerThread+0x10f
0b ba4ffddc 80ae4212 nt!PspSystemThreadStartup+0x34
0c 00000000 00000000 nt!KiThreadStartup+0x16
0: kd> g

*** Assertion failed: (MemoryDescriptorList->MdlFlags & ( MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL | MDL_PARTIAL_HAS_BEEN_MAPPED)) == 0
***   Source File: d:\xpsp\base\ntos\mm\iosup.c, line 3542

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i

*** Assertion failed: (MemoryDescriptorList->MdlFlags & ( MDL_PAGES_LOCKED | MDL_PARTIAL)) != 0
***   Source File: d:\xpsp\base\ntos\mm\iosup.c, line 3546

Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? i
i
couldn't read disable reg flush key value 0xc0000034
SavRoam: loading certs from: C:\Program Files\Symantec AntiVirus\
SavRoam: loading ScsComms
SavRoam: communication initialization SUCCEEDED!
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\navex15.sys has lower case sections (init or pagexxx)
driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\navex15.sys has lower case sections (init or pagexxx)
SE:  Obsolete call:  SeImpersonateClient
CmpLinkHiveToMaster: ObOpenObjectByName for CmHive = E2E23B60 , LinkName = S-1-5-18 failed with status c0000022
SE:  Obsolete call:  SeImpersonateClient
LPC[ 3c4.3f4 ]: Refusing connection from 3c4.b68
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
LPC[ a0.3d4 ]: Refusing connection from a0.3a4
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
LPC[ 410.ec0 ]: svchost.exe Attempted ReplyWaitReceive to Thread 891e3768 (explorer.exe)
LPC[ 410.ec0 ]: failed.  MessageId == 19322  Client Id: c30.cb8
LPC[ 410.ec0 ]:          Thread MessageId == 0  Client Id: c30.cb8

 Subkeys open inside the hive (E120E578) (\Microsoft\Windows\UsrClass.dat) :

Process 897A4D50 (PID = 410 ImageFileName = svchost.exe) (KCB = E2FB8100) :: Key \REGISTRY\USER\S-1-5-21-189481810-146959734-1386271435-77180_CLASSES
Process 897A4D50 (PID = 410 ImageFileName = svchost.exe) (KCB = E2FB8100) :: Key \REGISTRY\USER\S-1-5-21-189481810-146959734-1386271435-77180_CLASSES
Process 897D4768 (PID = 2e4 ImageFileName = winlogon.exe) (KCB = E2FB8100) :: Key \REGISTRY\USER\S-1-5-21-189481810-146959734-1386271435-77180_CLASSES
<CSync:BeginUnload
<CSync:BeginUnload
MM: Session 1 image \SystemRoot\System32\drivers\dxg.sys is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\drivers\dxg.sys has been moved to address (BF000000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MM: Session 2 image \SystemRoot\System32\drivers\dxg.sys is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\drivers\dxg.sys has been moved to address (BF000000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxprd32.dll, Address 0xbf012000
MM: Session 2 image \SystemRoot\System32\igxprd32.dll is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\igxprd32.dll has been moved to address (BF012000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MM: Session 2 image \SystemRoot\System32\igxpgd32.dll is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\igxpgd32.dll has been moved to address (BF024000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxprd32.dll, Address 0xbf012000
MM: Session 2 image \SystemRoot\System32\igxprd32.dll is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\igxprd32.dll has been moved to address (BF012000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MM: Session 2 image \SystemRoot\System32\igxpdv32.DLL is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\igxpdv32.DLL has been moved to address (BF04F000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\igxpdx32.DLL, Address 0xbf25b000
MM: Session 2 image \SystemRoot\System32\igxpdx32.DLL is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\igxpdx32.DLL has been moved to address (BF25B000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\idisw2km.dll, Address 0xbf562000
MM: Session 2 image \SystemRoot\System32\idisw2km.dll is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\idisw2km.dll has been moved to address (BF562000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
MiSessionWideReserveImageAddress: NO Code Sharing on \SystemRoot\System32\idisw2km.dll, Address 0xbf562000
MM: Session 2 image \SystemRoot\System32\idisw2km.dll is linked at a nonsharable address (00010000)
MM: Image \SystemRoot\System32\idisw2km.dll has been moved to address (BF562000) by the system so it can run,
 but this needs to be fixed in the image for sharing to occur.
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient
SE:  Obsolete call:  SeImpersonateClient