My Netbook's CPU usage is 100% when idle and too slow!



#106
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Right click on Start and select Explore then navigate to

c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe

Right click on it and select Properties then Security.

For each Group or User Name, click on it and verify that the name has Full Control checked in the section below. If not click on Edit then click on the name that does not have full control and give it to it.




I wonder if the script didn't work because it thought Kaspersky was running?

Try it again but this time with a change:

[code=auto:0]

SecCenter::
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

DirLook::
C:\Program Files\Common
%user%\library

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cacef07c-182a-4b92-941e-4bc52e0e5aca}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fad7e09b-f099-4c45-89bc-3b29bdabf179}]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cacef07c-182a-4b92-941e-4bc52e0e5aca}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fad7e09b-f099-4c45-89bc-3b29bdabf179}]

[\code]

Ron
  • 0



#107
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have tried to go to c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe

When I right click and select Properties and then go to Security, there's no Security. What is there is General, Version, Compatibility and Summary.

I also didn't understand how to go about this instruction: "For each Group or User Name, click on it and verify that the name has Full Control checked in the section below. If not click on Edit then click on the name that does not have full control and give it to it"

Regards
  • 0

#108
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have run the Combofix after dragging the txt I had copied from your last post and it started on its own. This is the log:

ComboFix 11-11-13.03 - Administrator 11/13/2011 23:32:32.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.501 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 18:37 . 2011-11-13 18:37 -------- d-----w- c:\program files\Driver-Soft
2011-11-13 16:28 . 2011-11-13 16:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2011-11-13 16:24 . 2011-11-13 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2011-11-12 14:30 . 2011-11-12 14:30 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-12 14:29 . 2011-11-12 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-11-12 14:29 . 2011-11-13 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-11-12 14:29 . 2011-11-12 14:29 -------- d-----w- c:\program files\Kaspersky Lab
2011-11-11 19:11 . 2011-11-11 19:11 -------- d-----w- c:\program files\AVAST Software
2011-11-11 19:11 . 2011-11-11 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-11 15:35 . 2011-11-11 15:35 -------- d-----w- c:\windows\system32\consrv.dll
2011-11-11 15:34 . 2011-11-11 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2011-11-10 20:51 . 2010-07-01 18:35 228024 ----a-w- c:\windows\system32\klogon.dll
2011-11-10 17:33 . 2011-11-11 15:35 -------- d-----w- c:\program files\IDT
2011-11-10 17:24 . 2011-11-10 21:05 -------- d-----w- C:\swsetup
2011-11-09 20:23 . 2011-11-09 20:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Innovative Solutions
2011-11-09 20:23 . 2011-11-09 20:23 -------- d-----w- c:\program files\Innovative Solutions
2011-11-05 21:45 . 2011-11-05 21:45 -------- d-----w- c:\program files\ESET
2011-11-04 18:40 . 2011-08-31 14:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 18:40 . 2011-11-04 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 17:41 . 2011-11-04 17:41 -------- d-----w- C:\_OTL
2011-11-04 17:35 . 2011-11-04 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2011-11-04 17:35 . 2011-11-04 17:35 -------- d-----w- c:\program files\Autorun Eater
2011-10-31 17:44 . 2011-10-31 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-31 17:35 . 2011-10-31 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-29 15:44 . 2010-11-09 11:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-10-29 15:43 . 2010-11-09 11:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-29 15:40 . 2011-10-30 08:17 -------- d-----w- C:\VIPRERESCUE
2011-10-28 07:10 . 2011-10-28 13:14 -------- d-----w- C:\ubuntu
2011-10-23 07:42 . 2011-10-23 07:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Autochartist"="c:\program files\Autochartist\Autochartist_INTERBANKFX.exe" [2011-01-25 4916560]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2011-10-19 9251240]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2011-10-19 9251240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-11 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-02 131072]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-02 163840]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
"autodetect"="c:\program files\Safaricom Broadband\AutoDect.exe" [2010-05-26 128864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-24 352976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
2010-09-24 17:12 352976 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PlugPlay"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\My Documents\\Downloads\\BitTorrent-7.2.1(1).exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/29/2011 6:43 PM 98392]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/4/2011 9:41 PM 366152]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/17/2010 10:17 PM 113664]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [8/11/2011 11:30 AM 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/15/2010 3:56 PM 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/4/2011 9:40 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Internet Everywhere 3G+. RunOuc;Internet Everywhere 3G+. OUC;c:\program files\Internet Everywhere 3G+\UpdateDog\ouc.exe [8/6/2011 8:34 PM 218624]
S2 UDisk Monitor;UDisk Monitor;c:\program files\ZTEMT UI\bin\MonServiceUDisk.exe [10/9/2011 9:22 PM 512000]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/6/2010 8:58 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/6/2010 8:58 AM 8456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [8/11/2011 11:30 AM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8/11/2011 11:30 AM 235392]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [10/9/2011 9:22 PM 104704]
S4 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 16:06]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 16:06]
.
2011-11-13 c:\windows\Tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
TCP: Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2111809&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVfree Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2111809&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TaskTray - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-2077806209-515967899-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,da,6a,0e,83,a7,18,46,b4,e7,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,da,6a,0e,83,a7,18,46,b4,e7,e1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2904)
c:\documents and settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2011-11-13 23:45:00
ComboFix-quarantined-files.txt 2011-11-13 20:44
ComboFix2.txt 2011-11-13 18:00
ComboFix3.txt 2011-11-05 03:10
.
Pre-Run: 27,460,411,392 bytes free
Post-Run: 27,433,463,808 bytes free
.
- - End Of File - - 998BF303542470697F7386CF573F489E
  • 0

#109
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I guess XP Home does not have the security option.

Go to:

http://www.winhelpon...-in-windows-xp/

Follow the instructions starting with:
Using SubInACL

Stop when you get to: Reset.cmd Contents

Combofix worked this time and took out the stuff I asked it to. You apparently reverted back to a time before the Avast install as there is no sign of it. Just a lot of Kaspersky - some of which has been turned off in msconfig.

Ron
  • 0

#110
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have done what you have instructed me in the above post and it has finished running.
Regards
  • 0

#111
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Can you turn on P&P and see if there is any change?

If not, turn it off and download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop and then turn on P&P again. Run Process Monitor.

As soon as it starts, File, then uncheck Capture Events. Once it stops,

Click on Filter, change the first box to Process Name, second box stays at IS, third box changes to services.exe, fourth box stays at Include. Hit Add then OK.

Now click at the top of the page and then go down to the bottom of the page, hold down the shift key and click on the last line. That should highlight a full page of events.

File, Save, check Highlighted Events then OK. It should save the file to logfile.pml which should be on your desktop. Close Process Monitor. Turn off P&P and zip up the logfile.pml and attach it to a Reply. (You can also rename it to logfile.txt and attach it)

Ron
  • 0

#112
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have turned on the play and plug and still there's no change, so I will do as you had explained.
  • 0

#113
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I am trying to run monitor process, although it is not responding. I've rebooted the netbook and try to run it.
  • 0

#114
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
The process monitor runs but when I click on File it hangs/doesn't respond at all. I don't know what to do now.
  • 0

#115
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
If you can't save the file then perhaps you can look at output and see if you can tell what services.exe is spending all of its time doing?

Or perhaps it will let you do a printscreen:
To do a print screen:
http://www.ehow.com/...windows-xp.html

Save it as .jpg and you can attach it to the next reply.
  • 0



#116
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
The monitor process went off after bringing this message:
"out of memory unable to allocate a memory block of size 50176044"

I couldn't print screen it as the netbook couldn't respond at all.
  • 0

#117
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi, I'm trying to run Process Monitor right now. It is at
"disconnecting from event tracing for windows (ETW). This can take up to a minute."

But it has taken over ten min.
I'll continue waiting.
  • 0

#118
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I expect with CPU usage so high it will take quite a while. If that doesn't work I have been playing with the command line options on an old XP someone gave me to fix.

If the procmon.exe file is on your desktop then:

Download the attached zip file. Save the file then right click and Extract All. Find the file pconfig.pmc and move it to your desktop. (You can click on pconfig.pmc and then Ctrl + c then move to the desktop and Ctrl + v in order to move the file)

Start, Run, cmd, OK to bring up a command window. It normally opens in C:\Documents and Settings\UserName\ where UserName is your login name. So probably c:\documents and settings\Administrator. Type:


cd  desktop

(The prompt should change to show you are at  c:\documents and settings\Administrator\desktop)

procmon.exe  /BackingFile  logfile.PML

(I use two spaces in the code box so you can be sure to see where one space goes)
(Process Monitor should open. As soon as it does, click on the X in the top right hand corner to close it. This should create a file on the desktop called logfile.pml.)

You can turn off P&P and reboot. Then Open a command Window as before. Type:

cd  desktop
procmon.exe  /noconnect  /loadconfig  pconfig.pmc /openlog  logfile.pml



Process Monitor should open and show you the saved filters. Just hit OK. Make sure Process Monitor is Maximized. Now you should be able to select about a page of data, then File, Save, click on Highlighted events, change Format to "Comma-Separated Values" to logfile.csv OK.

Zip up the file logfile.csv (or rename it to logfile.txt) and attach it to your next reply.
  • 0
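
Added example (not part of the thread and not RKinner's own tooling): once logfile.csv has been exported as described in the post above, a short Python script can tally which service keys services.exe is reading, how fast, and which lookups fail. The sample rows are constructed in Process Monitor's CSV export layout, and the function names are this example's own.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows in Process Monitor's CSV export layout (not real capture data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:45:52.5000000 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:45:52.5001000 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5002000 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:45:52.5003000 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:45:52.5004000 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5005000 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:45:52.5006000 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:45:52.5007000 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:45:52.5008000 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","SUCCESS","Type: REG_SZ, Length: 56, Data: NT AUTHORITY\NetworkService"
"7:45:52.5009000 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:45:52.5010000 AM","explorer.exe","2904","RegOpenKey","HKCU\Software\Example","SUCCESS","Desired Access: Read"
'''

# The first path component under ...\Services\ names the service being inspected.
SERVICE_KEY = re.compile(r"^HKLM\\System\\CurrentControlSet\\Services\\([^\\]+)", re.I)

# BUFFER OVERFLOW is routine: the caller probed for the required size, then
# repeated the query with a larger buffer. It is not counted as a failure.
BENIGN_RESULTS = {"SUCCESS", "BUFFER OVERFLOW"}


def parse_time(stamp):
    """Convert Procmon's 'h:mm:ss.fffffff AM' stamp to seconds since midnight."""
    clock, ampm = stamp.rsplit(" ", 1)
    hms, _, frac = clock.partition(".")
    hours, minutes, seconds = (int(part) for part in hms.split(":"))
    hours = hours % 12 + (12 if ampm.upper() == "PM" else 0)
    return hours * 3600 + minutes * 60 + seconds + float("0." + (frac or "0"))


def load_events(text, process="services.exe"):
    """Parse the CSV text and keep only rows for the process of interest."""
    text = text.lstrip("\ufeff")  # tolerate a byte-order mark at the start of the file
    reader = csv.DictReader(io.StringIO(text))
    return [row for row in reader if row["Process Name"].lower() == process.lower()]


def summarize(events, top=5):
    """Tally events per service key, repeated (operation, path) pairs and failures."""
    by_service, repeats, failures = Counter(), Counter(), Counter()
    for ev in events:
        match = SERVICE_KEY.match(ev["Path"])
        if match:
            by_service[match.group(1)] += 1
        repeats[(ev["Operation"], ev["Path"])] += 1
        if ev["Result"] not in BENIGN_RESULTS:
            failures[(ev["Path"], ev["Result"])] += 1
    # Assumes the selected events do not span midnight.
    times = [parse_time(ev["Time of Day"]) for ev in events]
    span = max(times) - min(times) if times else 0.0
    return {
        "events": len(events),
        "span_seconds": span,
        "events_per_second": len(events) / span if span > 0 else None,
        "by_service": dict(by_service),
        "hot_paths": [(key, n) for key, n in repeats.most_common(top) if n > 1],
        "failures": dict(failures),
    }


if __name__ == "__main__":
    report = summarize(load_events(SAMPLE_CSV))
    print("events:", report["events"], "in", round(report["span_seconds"], 6), "s")
    for service, count in sorted(report["by_service"].items(), key=lambda kv: -kv[1]):
        print(f"  {service}: {count}")
    for (path, result), count in report["failures"].items():
        print(f"  {result} x{count}: {path}")
```

To run it against a real export, read the file with `open("logfile.csv", encoding="utf-8-sig").read()` and pass the text to `load_events`.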

#119
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi
This is the log.


"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:45:52.5264270 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:45:52.5266153 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5266795 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5267586 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5268463 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:45:52.5268899 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:45:52.5269340 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:45:52.5269656 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:45:52.5270480 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5271106 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5271938 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5272863 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:45:52.5273866 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:45:52.5274371 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:45:52.5274779 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:45:52.5276302 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:45:52.5277330 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:45:52.5277651 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:45:52.5278445 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5279059 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5279819 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5280610 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:45:52.5281118 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:45:52.5281674 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:45:52.5282001 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:45:52.5282794 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5283403 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5284174 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5285066 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:45:52.5286035 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:45:52.5286502 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:45:52.5286873 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:45:52.5288340 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:45:52.5289273 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:45:52.5289605 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:45:52.5290376 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5290983 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5291863 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5292670 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:45:52.5293173 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:45:52.5293631 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:45:52.5293941 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:45:52.5294729 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5295318 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5296075 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5296961 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\0","SUCCESS","Type: REG_SZ, Length: 50, Data: Root\LEGACY_TAPISRV\0000"
"7:45:52.5297925 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:45:52.5298402 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:45:52.5298891 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:45:52.5300347 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:45:52.5301381 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:45:52.5301707 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:45:52.5302504 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5303124 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5303937 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5304761 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:45:52.5305289 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:45:52.5305747 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:45:52.5306057 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:45:52.5306837 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:45:52.5307446 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:45:52.5308228 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:45:52.5309108 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\0","SUCCESS","Type: REG_SZ, Length: 46, Data: Root\LEGACY_RPCSS\0000"
"7:45:52.5310097 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:45:52.5310538 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:45:52.5311083 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:45:52.5312678 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RPCSS\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:45:52.5313706 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:45:52.5313991 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:45:52.5314723 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:45:52.5315628 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:45:52.5315958 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:45:52.5316620 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","SUCCESS","Type: REG_SZ, Length: 56, Data: NT AUTHORITY\NetworkService"
"7:45:52.5317545 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:45:52.5317947 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:45:52.5318729 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS","Desired Access: Read"
"7:45:52.5319682 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:45:52.5320025 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:45:52.5320819 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:45:52.5321788 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS",""
"7:45:52.5322118 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:45:52.5322931 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:45:52.5323878 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:45:52.5324230 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:45:52.5324875 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:45:52.5325808 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:45:52.5326127 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:45:52.5326920 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:45:52.5327864 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:45:52.5328239 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:45:52.5328926 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:45:52.5329867 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:46:43.4028931 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:46:43.4030032 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4030895 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4031747 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4032538 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:46:43.4033108 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:46:43.4033862 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:46:43.4034203 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:46:43.4035058 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4035681 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4036454 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4037368 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:46:43.4041746 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:46:43.4042343 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:46:43.4042765 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:46:43.4044598 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:46:43.4045629 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:46:43.4045975 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:46:43.4046802 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4047450 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4048235 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4049079 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:46:43.4049624 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:46:43.4050113 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:46:43.4050423 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:46:43.4051238 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4051867 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4052652 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4053786 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:46:43.4054811 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:46:43.4055337 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:46:43.4055756 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:46:43.4057404 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:46:43.4060231 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:46:43.4060966 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:46:43.4062097 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4062740 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4063653 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4064489 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:46:43.4065073 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:46:43.4065550 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:46:43.4066154 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:46:43.4067025 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4067629 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4068419 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4069302 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\0","SUCCESS","Type: REG_SZ, Length: 50, Data: Root\LEGACY_TAPISRV\0000"
"7:46:43.4070302 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:46:43.4070800 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:46:43.4071191 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:46:43.4072923 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:46:43.4073962 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:46:43.4074328 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:46:43.4075130 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4075725 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4076482 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4077317 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:46:43.4077842 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:46:43.4078370 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:46:43.4078694 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:46:43.4079499 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:46:43.4080616 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:46:43.4081561 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:46:43.4082499 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\0","SUCCESS","Type: REG_SZ, Length: 46, Data: Root\LEGACY_RPCSS\0000"
"7:46:43.4083466 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:46:43.4083854 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:46:43.4084148 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:46:43.4085340 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RPCSS\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:46:43.4086125 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:46:43.4086338 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:46:43.4086941 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:46:43.4088103 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:46:43.4088413 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:46:43.4089062 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","SUCCESS","Type: REG_SZ, Length: 56, Data: NT AUTHORITY\NetworkService"
"7:46:43.4089925 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:46:43.4090227 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:46:43.4090788 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS","Desired Access: Read"
"7:46:43.4091531 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:46:43.4091766 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:46:43.4092417 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:46:43.4093300 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS",""
"7:46:43.4093523 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:46:43.4094129 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:46:43.4095185 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:46:43.4095504 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:46:43.4096166 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:46:43.4097029 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:46:43.4097364 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:46:43.4098175 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:46:43.4099217 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:46:43.4099557 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:46:43.4100242 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:46:43.4101239 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:04.4114202 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:04.4115473 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4116185 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4117138 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4118085 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:04.4124751 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:04.4143689 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:04.4144035 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:04.4144856 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4145463 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4146273 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4147228 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:47:04.4148287 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:04.4148832 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:04.4149254 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:04.4151061 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:04.4152223 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:04.4152614 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:04.4153584 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4154291 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4155157 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4156025 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:04.4156632 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:04.4157165 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:04.4157523 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:04.4158517 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4159230 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4160180 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4161157 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:47:04.4162292 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:04.4162834 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:04.4163264 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:04.4165007 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:04.4166150 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:04.4166560 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:04.4167535 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4168242 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4169139 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4170167 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:04.4170765 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:47:04.4171310 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:04.4171664 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:04.4172628 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4173329 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4174240 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4175240 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\0","SUCCESS","Type: REG_SZ, Length: 50, Data: Root\LEGACY_TAPISRV\0000"
"7:47:04.4176332 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:47:04.4176883 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:04.4177305 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:04.4179048 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:04.4180280 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:04.4180691 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:04.4181666 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4182400 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4183325 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4184233 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:04.4184834 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:47:04.4185381 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:04.4185733 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:04.4186697 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:04.4187407 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:47:04.4188323 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:04.4189421 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\0","SUCCESS","Type: REG_SZ, Length: 46, Data: Root\LEGACY_RPCSS\0000"
"7:47:04.4190541 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:47:04.4191077 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:04.4191513 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:04.4193254 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RPCSS\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:04.4194363 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:04.4194709 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:04.4195528 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:04.4196640 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:04.4197039 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:04.4197779 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","SUCCESS","Type: REG_SZ, Length: 56, Data: NT AUTHORITY\NetworkService"
"7:47:04.4198830 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:04.4199430 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:04.4200308 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS","Desired Access: Read"
"7:47:04.4204414 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:04.4204939 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:04.4205850 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:04.4206948 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS",""
"7:47:04.4207345 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:04.4208272 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:04.4209367 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:04.4209764 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:04.4210521 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:04.4211566 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:04.4211910 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:04.4212767 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:04.4213862 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:04.4214242 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:04.4214994 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:04.4216053 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:16.5396381 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:16.5397546 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\ProtectedStorage","SUCCESS","Desired Access: Read"
"7:47:16.5398815 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:16.5399144 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:16.5399887 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\ProtectedStorage","SUCCESS","Desired Access: Read"
"7:47:16.5400902 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:16.5401315 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\ImagePath","BUFFER OVERFLOW","Length: 12"
"7:47:16.5402120 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\ImagePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 64, Data: %SystemRoot%\system32\lsass.exe"
"7:47:16.5403078 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\ProtectedStorage","SUCCESS",""
"7:47:16.5403343 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:16.5404139 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\ProtectedStorage","SUCCESS","Desired Access: Read"
"7:47:16.5405095 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:16.5405452 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 288"
"7:47:16.5406399 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"7:47:16.5407207 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\ErrorControl","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:16.5407953 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\Tag","NAME NOT FOUND","Length: 16"
"7:47:16.5408576 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\DependOnService","BUFFER OVERFLOW","Length: 12"
"7:47:16.5409210 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\DependOnService","SUCCESS","Type: REG_MULTI_SZ, Length: 14, Data: RpcSs"
"7:47:16.5409992 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\DependOnGroup","NAME NOT FOUND","Length: 12"
"7:47:16.5410596 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\Group","NAME NOT FOUND","Length: 12"
"7:47:16.5411191 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\DisplayName","BUFFER OVERFLOW","Length: 12"
"7:47:16.5411802 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\DisplayName","SUCCESS","Type: REG_SZ, Length: 36, Data: Protected Storage"
"7:47:16.5412895 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\ProtectedStorage","SUCCESS",""
"7:47:16.5413328 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:16.5414037 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\ProtectedStorage\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:16.5415093 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\ProtectedStorage","SUCCESS",""
"7:47:25.7143654 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7144771 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7145394 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7146246 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7147096 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7147797 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7148277 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7148596 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7149504 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7150129 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7150923 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7151875 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:47:25.7152931 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7153532 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7153940 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7155770 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7156971 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7157468 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7158292 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7158915 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7159678 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7160505 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7161019 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7161477 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7161785 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7162539 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7163117 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7163863 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7164771 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:47:25.7165757 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7166229 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7166618 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7168146 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7169084 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7169417 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:25.7170196 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7170788 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7171534 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7172342 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7172825 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:47:25.7173306 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:25.7173593 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:25.7174417 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7175057 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7175873 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7176909 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\0","SUCCESS","Type: REG_SZ, Length: 50, Data: Root\LEGACY_TAPISRV\0000"
"7:47:25.7177960 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:47:25.7178424 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:25.7178820 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7180427 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7181382 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7181751 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:25.7182594 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7183223 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7184022 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7184841 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7185385 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:47:25.7185849 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:25.7186176 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:25.7187115 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7187710 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7188545 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7189484 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\0","SUCCESS","Type: REG_SZ, Length: 46, Data: Root\LEGACY_RPCSS\0000"
"7:47:25.7190506 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:47:25.7190947 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:25.7191347 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7192914 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RPCSS\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7193939 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7194272 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7195026 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:25.7195973 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7196306 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7197155 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","SUCCESS","Type: REG_SZ, Length: 56, Data: NT AUTHORITY\NetworkService"
"7:47:25.7198136 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:25.7198594 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7199409 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS","Desired Access: Read"
"7:47:25.7200412 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7200773 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7201446 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:25.7202432 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS",""
"7:47:25.7202781 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7203566 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:25.7204511 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7204851 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7205497 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:25.7206528 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:25.7206843 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7207645 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7208726 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7209115 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7209838 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:25.7210833 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7251547 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7252849 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7253531 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7254349 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7255210 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7255819 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7256355 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7256688 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7257618 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7258283 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7259087 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7260093 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:47:25.7261121 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7261658 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7262091 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7263887 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7264976 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7265365 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7266222 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7266865 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7267720 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7268555 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7269212 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7269731 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7270050 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7270938 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7271589 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7272430 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7273366 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\0","SUCCESS","Type: REG_SZ, Length: 48, Data: Root\LEGACY_RASMAN\0000"
"7:47:25.7274422 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:25.7274936 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:25.7275366 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7276986 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7278101 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7278531 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:25.7279436 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7280096 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7280951 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7281805 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7282359 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:47:25.7282833 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:25.7283138 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:25.7284010 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7284655 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7285404 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7286292 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum\0","SUCCESS","Type: REG_SZ, Length: 50, Data: Root\LEGACY_TAPISRV\0000"
"7:47:25.7287287 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv\Enum","SUCCESS",""
"7:47:25.7287837 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:25.7288228 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7289818 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7290851 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7291184 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:25.7291988 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7292625 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7293458 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7294528 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:25.7295100 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:47:25.7295782 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:25.7296123 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:25.7296972 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:25.7297606 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS","Desired Access: Read"
"7:47:25.7298453 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:25.7299350 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\Enum\0","SUCCESS","Type: REG_SZ, Length: 46, Data: Root\LEGACY_RPCSS\0000"
"7:47:25.7300341 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs\Enum","SUCCESS",""
"7:47:25.7300830 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:25.7301210 AM","services.exe","1772","RegOpenKey","HKCC\System\CurrentControlSet\Enum","SUCCESS","Desired Access: Query Value"
"7:47:25.7302755 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\Root\LEGACY_RPCSS\0000","NAME NOT FOUND","Desired Access: Query Value"
"7:47:25.7303766 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum","SUCCESS",""
"7:47:25.7304322 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7305102 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS","Desired Access: Read"
"7:47:25.7306054 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7306378 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7307057 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RpcSs\ObjectName","SUCCESS","Type: REG_SZ, Length: 56, Data: NT AUTHORITY\NetworkService"
"7:47:25.7308024 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RpcSs","SUCCESS",""
"7:47:25.7308421 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7310010 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS","Desired Access: Read"
"7:47:25.7311119 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7311499 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7312203 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\PlugPlay\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:25.7313145 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\PlugPlay","SUCCESS",""
"7:47:25.7313491 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7314363 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS","Desired Access: Read"
"7:47:25.7315332 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7315690 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7316343 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\TapiSrv\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:25.7317299 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\TapiSrv","SUCCESS",""
"7:47:25.7317592 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
"7:47:25.7318374 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:25.7319338 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services","SUCCESS",""
"7:47:25.7319696 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","BUFFER OVERFLOW","Length: 12"
"7:47:25.7320355 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\ObjectName","SUCCESS","Type: REG_SZ, Length: 24, Data: LocalSystem"
"7:47:25.7321327 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:28.2692474 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"
"7:47:28.2693739 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\PlugPlayServiceType","NAME NOT FOUND","Length: 144"
"7:47:28.2694451 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Desired Access: Read"
"7:47:28.2695248 AM","services.exe","1772","RegQueryValue","HKLM\System\CurrentControlSet\Services\RasMan\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"7:47:28.2696111 AM","services.exe","1772","RegQueryKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS","Query: Cached, SubKeys: 0, Values: 3"
"7:47:28.2696681 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan\Enum","SUCCESS",""
"7:47:28.2697200 AM","services.exe","1772","RegCloseKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS",""
"7:47:28.2697530 AM","services.exe","1772","RegOpenKey","HKLM\System\CurrentControlSet\Services\RasMan","SUCCESS","Desired Access: Read"

#120
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PlugPlay\Security /s > \junk.txt

Start, Run, cmd, OK

Right click and Paste, or Edit then Paste, and the copied line should appear. Hit Enter.

notepad  \junk.txt


Copy and Paste the text from notepad.