The New WinPatrol version stays only until I turn off my computer

Started by LindaEllis, July 22, 2014, 01:13:58 PM

LindaEllis

I do turn my computer off when going to bed and turn it back on in the morning.  For two days now, the old version with the yellow background on the Scotty dog icon keeps coming back.  I did take the steps in the Options to click on the box to remove old versions and I didn't see them afterward in the add/remove listing when I checked that on my computer, but that didn't change anything.  Yesterday while the machine was still showing the green background, I  saw two yellow background Scotty dogs in the start-up listing and the one latest green background.  When I changed one yellow background Scotty Dog to the delayed start; all of them changed, including the green background Scotty dog to delayed start.  I got an email this morning from Security Garden saying something about copying over a history file from the BillP version into the new version, etc.  I wouldn't know how to do that.  I don't know what to do now and I would need steps to try to correct anything in this new version.  Please help, I appreciate it.  I am a paying customer.  Thank you. 

Corrine

Hi, Linda.  Welcome to LandzDown Forum.  I'm glad you joined as it will be easier to separate your problem from others here than in the WinPatrol Facebook group.

By email from Security Garden, I gather you subscribe to my blog posts and received notice of my article from yesterday, WinPatrol v32 Update where I quoted Bill's instructions about copying the history.txt file to the new Ruiware folder.  The history.txt file is useful for restoring a startup program, although not completely necessary because you can manually add a program to startup. 

However, you can easily check the new folder to see if history.txt is there.  I found that it copied for me.  Navigate to C:\Program Files (x86)\Ruiware\WinPatrol and look for a file named history.txt.

I don't understand what you mean when you said:

Quote: Yesterday while the machine was still showing the green background, I didn't see them afterward in the add/remove listing when I checked that on my computer, but that didn't change anything.  Yesterday while the machine was still showing the green background, I  saw two yellow background Scotty dogs in the start-up listing and the one latest green background.  When I changed one yellow background Scotty Dog to the delayed start; all of them changed, including the green background Scotty dog to delayed start.

It may help if you post a Hijack Log.  Please launch WinPatrol.exe, approve the UAC prompt and go to the Options tab.  Click Hijack Log (third on the right).  When the text file opens, click Edit > Select All and then click Edit > Copy.  In your reply, paste the results here.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Hi, Linda.  Please don't click the "Report" link unless there is a problem with a post on the forum, e.g., a spammer got through our defenses.  Below is the message submitted with your report:

Quote: I have to go away for awhile now.  But where do I find the file to launch it?  I only have this older version of WinPatrol anyway right now.  I am not good at following all of the instructions if I don't know where to find the files in the first place.

1.  If Scotty is sitting in the system tray, right-click it to launch it.  Then go to the Options tab.  Click Hijack Log (third on the right).  When the text file opens, click Edit > Select All and then click Edit > Copy.  In your reply, paste the results here.   

2.  Please navigate to C:\Program Files (x86) and tell us if you have either C:\Program Files (x86)\BillP Studios or C:\Program Files (x86)\Ruiware folders or both.

Thank you.



LindaEllis

Thank you so much for your help again.  I am sorry I clicked on the wrong place.  I was hurried out to go for an appt. and I just returned.  I checked the program files.  I have both a BillPStudios Folder and a Ruiware Folder.  I don't see a "x86".  Below is the hijack log.  Thank you so much.   Just to mention.  I do use Firefox Browser all of the time, and never IE.  I can only go up to IE8 because I do still use Windows XP.  Thank you.



Log created by WinPatrol PLUS version 31.0.2014.0:31.0.2014.0
Scan saved at  5:45:04 PM, on  7/22/2014
Platform: Windows XP SP3
Windows (x86) Version 5.1 Build 2600  2 Service Pack 3
Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
MSIE: Internet Explorer (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWSSYSTEM32\SMSS.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\Office12\GROOVEMONITOR.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRAM FILES\Canon\MYPRINTER\BJMYPRT.EXE
C:\PROGRAM FILES\Canon\SOLUTION MENU EX\CNSEMAIN.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\Google\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\DOCUMENTS AND SETTINGS\LINDA ELLIS\APPLICATION DATA\Dropbox\bin\Dropbox.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\Office12\ONENOTEM.EXE
C:\PROGRAM FILES\COMMON FILES\ArcSoft\CONNECTION SERVICE\Bin\ACSERVICE.EXE
C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\ekrn.exe
C:\PROGRAM FILES\Canon\IJPLM\ijplmsvc.exe
C:\PROGRAM FILES\Oracle\JAVAFX 2.1 RUNTIME\bin\jqs.exe
C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\MBAMSCHEDULER.EXE
C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\MBAMSERVICE.EXE
C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\mbam.exe
C:\PROGRAM FILES\Canon\CAL\CALMAIN.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr]ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray]C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor]C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [CanonMyPrinter]C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx]C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ArcSoft Connection Service]C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [APSDaemon]C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe ARM]C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [egui]C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg]C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Startup: Dropbox.lnk=C:\Documents and Settings\Linda Ellis\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk=C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://c:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Oracle)] Java (Oracle) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin
O11 - Options group: []  -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341086343562
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon - ArcSoft Inc. - C:\PROGRAM FILES\COMMON FILES\ArcSoft\CONNECTION SERVICE\Bin\ACSERVICE.EXE
O23 - Service: Adobe Flash Player Update Service - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FLASHPLAYERUPDATESERVICE.EXE
O23 - Service: Canon Camera Access Library 8 - Canon Inc. - C:\PROGRAM FILES\Canon\CAL\CALMAIN.exe
O23 - Service: ESET Service - ESET - C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\ekrn.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Google Software Updater - Google - C:\PROGRAM FILES\Google\Common\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program - Canon - C:\PROGRAM FILES\Canon\IJPLM\ijplmsvc.exe
O23 - Service: Java Quick Starter - Oracle Corporation - C:\PROGRAM FILES\Oracle\JAVAFX 2.1 RUNTIME\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\MBAMSCHEDULER.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\MBAMSERVICE.EXE
O23 - Service: Mozilla Maintenance Service - Mozilla Foundation - C:\PROGRAM FILES\MOZILLA MAINTENANCE SERVICE\MAINTENANCESERVICE.EXE
O23 - Service: NBService - Nero AG - C:\PROGRAM FILES\Nero\Nero 7\NERO BACKITUP\NBSERVICE.EXE
O23 - Service: NMIndexingService - Nero AG - C:\PROGRAM FILES\COMMON FILES\Ahead\Lib\NMINDEXINGSERVICE.EXE

---  Additional WinPatrol Info  ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
MSIE: Internet Explorer (8.00.6001.18702)
Firefox 30.0 installed in C:\Program Files\Mozilla Firefox.
2 IE Cookies in Folder: C:\Documents and Settings\Linda Ellis\Cookies\
2780 Mozilla Cookies in Folder: C:\Documents and Settings\Linda Ellis\Application Data\Mozilla\FireFox\Profiles\9712rryy.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Program Files\Google\Update\GoogleUpdate.exe 07/22/2014  5:30 PM
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Program Files\Google\Update\GoogleUpdate.exe 07/22/2014  5:16 PM
WP31 - Scheduled Tasks: [EasyShare Registration Task.job]C:\WINDOWS\system32\rundll32.exe 07/01/2014  10:11 AM
WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe 07/15/2014  11:55 PM
WP31 - Scheduled Tasks: [Adobe Flash Player Updater.job]C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 07/22/2014  10:14 AM
WP31 - Scheduled Tasks: [Microsoft Windows XP End of Service Notification Logon.job]C:\WINDOWS\system32\xp_eos.exe 07/22/2014  5:16 PM

WP16 - ActiveX: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [QuickTime Object] C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx QuickTime 7.7.5 (1680.95.13)
WP16 - ActiveX: {0468C085-CA5B-11D0-AF08-00609797F0E0} [Outlook Today's Data-binding control] C:\PROGRAM FILES\MICROSOFT OFFICE\Office12\OUTLCTL.DLL
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.9.0040.0
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\system32\mshtml.dll 8.00.6001.23588
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1054.0
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\WINDOWS\system32\ieframe.dll 8.00.6001.23580
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.6.7600.257
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 11.0.5721.5280
WP16 - ActiveX: {88D96A05-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.2502.0
WP16 - ActiveX: {9203C2CB-1DC1-482D-967E-597AFF270F0D} [SharePoint OpenDocuments Class] C:\PROGRAM FILES\MICROSOFT OFFICE\Office12\OWSSUPP.DLL 12.0.4518.1014
WP16 - ActiveX: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} [cpbrkpie Control] C:\WINDOWS\COUPONPRINTER.OCX 4.0.2.0
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 11.0.07.79
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\FLASH32_14_0_0_145.OCX 14,0,0,145
WP16 - ActiveX: {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [QuickTimeCheck Class] C:\PROGRAM FILES\QUICKTIME\QTSystem\QUICKTIMECHECK.OCX QuickTime 7.7.5 (1680.95.13)
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5268
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {ECD0ECC6-DCA4-4013-A915-12355AB70999} [MSWebDVD Class] C:\WINDOWS\system32\mswebdvd.dll 6.05.2600.5857
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18926
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\system32\FM20.DLL 12.0.4518.1014

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\Thumbs.db
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_4t75gtFQNBAMwTi
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_DuKAin7xzflKJnC
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_I5uSVc7Y0g0C6UG
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_LlmtKwnNYYycWF3
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_n2bxXQiSzOHmJd5
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_UHq3E7ra9jepabt
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_Wt9V8AUOWZ1phzG
WP32 - Hidden File: C:\Documents and Settings\Linda Ellis\Local Settings\Temp\etilqs_y33FeZXLq1XG9fM

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Outlook Express Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e

Memory currently in use: 37%
Physical Memory Free: 2,097,151 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 2,035,604 KB


--
End of file

Corrine

Hi, Linda.

I completely forgot you had told us in the FB group that you need to continue using Windows XP for a while, which explains why you didn't find C:\Program Files (x86).  On Windows XP, you will see C:\Program Files.  By the way, Firefox was updated to 31.0 today. 

Looking at your log, I see two things that stand out.  First, it is showing 3 instances of WinPatrol running.  Second, it is only showing the BillP Studios folder and no folder for Ruiware.  Before we go further, please double check C:\Program Files to see if there is a Ruiware folder.  If you are unsure or uncomfortable with how to do this, I can provide instructions for you to provide a different type of log.

Since there are no programs listed under Delayed Start, it may be best to completely remove WinPatrol and start fresh. 



LindaEllis

Hi Corrine,  Thank you so much for replying, and truly I do appreciate your great patience with me.  I figured that I would have to uninstall and reinstall WinPatrol.  Yes, I saw both folders in the Program Files.  And when I look at the start up programs in WinPatrol I see 3 Scotty dogs with yellow backgrounds and no Scotty dogs with green backgrounds.  This is after I have done now two installs of the new version just issued that just disappears on me the next day.  As I mentioned, I do shut the machine down at night and then turn it on the next morning and that is when I notice that Scotty is back to his yellow background again.  So, it is like poor Scotty gets confused and I just get more yellow background Scotties each time I try to install the new one with the green background!  So, I will have to do an uninstall which I did locate thankfully.  Last night I did screen prints and printed them out showing which programs have delayed start on them so if the settings are lost after the uninstall/reinstall process is done.  Thanks again so much!  I appreciate your help.
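
Added example, not part of the original thread or of WinPatrol or DDS: a short Python parser for the autorun lines in the logs posted here that groups startup entries by target executable, so repeated entries (such as the three WinPatrol ones discussed above) and entries still pointing into the old BillP Studios folder stand out. It goes beyond the WinPatrol log by also reading the DDS uRun/mRun lines posted later in the thread; the function names and the executable-path heuristic are assumptions of this example.

```python
import re
from collections import defaultdict, namedtuple

# Autorun lines copied from the WinPatrol (HijackThis-style) log in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [egui]C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"""

# Autorun lines copied from the DDS log in this thread.
DDS_SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinPatrol] c:\program files\ruiware\winpatrol\winpatrol.exe -expressboot
mRun: [WinPatrol [FREE Edition]] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinPatrol PLUS] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
"""

# Old install folder named in the thread.
OLD_DIR = r"c:\program files\billp studios"

Entry = namedtuple("Entry", "hive name exe")

HJT_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: (.*)$")
DDS_RUN = re.compile(r"^([um])Run: (.*)$")
# Heuristic (assumption): the target is everything up to the first executable
# extension that is followed by a quote, whitespace or end of line.
EXE_PATH = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr))(?=["\s]|$)', re.I)


def split_name(rest):
    """Split '[Name]command' into (name, command); names may nest brackets."""
    if not rest.startswith("["):
        return None
    depth = 0
    for i, ch in enumerate(rest):
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth == 0:
                return rest[1:i], rest[i + 1:].strip()
    return None


def target_exe(command):
    """Return the lower-cased executable path of an autorun command line."""
    m = EXE_PATH.match(command)
    path = m.group(1) if m else command.split(" ")[0].strip('"')
    return path.lower()


def parse_autoruns(text):
    """Parse Run-key lines from either log format into Entry tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_RUN.match(line)
        if m:
            hive, rest = m.group(1), m.group(2)
        else:
            m = DDS_RUN.match(line)
            if not m:
                continue
            # DDS prefixes: u = current user (HKCU), m = machine (HKLM)
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            rest = m.group(2)
        parsed = split_name(rest)
        if parsed is not None:
            name, command = parsed
            entries.append(Entry(hive, name, target_exe(command)))
    return entries


def duplicates(entries):
    """Map each executable started by more than one entry to its (hive, name) list."""
    by_exe = defaultdict(list)
    for e in entries:
        by_exe[e.exe].append((e.hive, e.name))
    return {exe: refs for exe, refs in by_exe.items() if len(refs) > 1}


def under_folder(entries, folder):
    """Entries whose target lives under the given folder (case-insensitive)."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return [e for e in entries if e.exe.startswith(prefix)]


if __name__ == "__main__":
    for label, sample in (("WinPatrol log", HJT_SAMPLE), ("DDS log", DDS_SAMPLE)):
        entries = parse_autoruns(sample)
        print(label)
        for exe, refs in duplicates(entries).items():
            print("  started %d times: %s" % (len(refs), exe))
            for hive, name in refs:
                print("    %s Run [%s]" % (hive, name))
        for e in under_folder(entries, OLD_DIR):
            print("  points into old folder: %s Run [%s]" % (e.hive, e.name))
```
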

Corrine

Hi, Linda.

1.  I suggest the first thing you need to do is write down your WinPatrol PLUS username and code. 

2.  With that done, exit EACH Scotty shown in the task bar by right-clicking the icon and selecting Exit WinPatrol.

3.  Uninstall any and all versions of WinPatrol listed in Add/Remove Programs.

4.  Go to the folder where you save programs that you download to install and delete all copies of wpsetup.exe

5.  Next, go to http://www.winpatrol.com/download.html and click on the WinPatrol Removal Program.

6.  After following the above steps, restart your computer.  Then to be sure, navigate to Program Files and if the BillP Studios folder is still there, delete it.
Also navigate to C:\Documents and settings\%User%\Application Data, where %User% is the user name.  If there is a WinPatrol folder there, delete it.

7.  Finally, return to http://www.winpatrol.com/download.html and download WinPatrol v32.0.2014.5.  After installing the latest version, enter your WinPatrol PLUS name and code and you should be good to go.

Anxious to find out how you make out, Linda.



LindaEllis

Hi Corrine,  Wow!!  Thank you for all of those steps.  I am going to work on this tomorrow as I will be shutting the machine down soon.  I will print out your instructions too so I do them all right.  Yes, I will let you know how I do with this; hopefully okay.  Thank you so much for all of your wonderful detailed help! 


LindaEllis

Hi again.  Well, I went through all of the steps.  In your # 6 though nowhere could I find a %User%.  So, I had to keep going without it.  I am looking now at the Start Up programs, and there are a lot less than before.  I had done a screen print (two screen prints) of what I had before.  I am missing Kodak Easyshare and Malwarebytes at first glance through it.  When I went into the add/remove step and removed the only Winpatrol I had which appeared to be the old version, there was a question about keeping the settings, and I clicked on yes.  So, not only did settings change, but I lost some of the programs now in the start up list that were there.  Please let me know what to do.

Corrine

Hi, Linda.

To explain the %username% for future reference, that is the username of your account.  Thus, looking back at your log, it would be in C:\DOCUMENTS AND SETTINGS\LINDA ELLIS\APPLICATION DATA\.  I believe the removal tool would have taken care of it anyway so nothing to be concerned with now.

As to the comparison between the screen copies, the before uninstall has the Display secret startup locations box checked and the new image does not have that checked.  Also, the programs that were disabled (e.g. Easyshare) are not listed due to having run the WinPatrol Removal Program.

That said, you do now have the Ruiware folder shown but there are still two entries showing for WinPatrol PLUS with "file does not exist".  I don't know if I can track down what is going on but if you would like to dig deeper, different logs may help.  If you wish to proceed, please do the following:

Download DDS.scr by sUBs from here and save it to your desktop.

  • Disable any script blocker and then double-click dds.scr to run.
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • The logs will automatically be saved to your desktop.
  • Copy the contents of both logs & post in your next reply



LindaEllis

Here is the DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.5.1
Run by Linda Ellis at 13:39:05 on 2014-07-23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3317.1903 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Linda Ellis\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WinPatrol] c:\program files\ruiware\winpatrol\winpatrol.exe -expressboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [WinPatrol [FREE Edition]] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinPatrol PLUS] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\lindae~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\linda ellis\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\lindae~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341086343562
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{00F049BB-98E3-4B07-83B1-92E17AD448C5} : DHCPNameServer = 172.16.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\linda ellis\application data\mozilla\firefox\profiles\9712rryy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-1-10 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-1-10 118768]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-3-24 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-3-24 860472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-27 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-3-25 110296]
S0 cerc6;cerc6;

.
=============== Created Last 30 ================
.
2014-07-23 15:40:27   --------   d-----w-   c:\documents and settings\linda ellis\application data\WinPatrol
2014-07-23 15:40:17   --------   d-----w-   c:\program files\Ruiware
.
==================== Find3M  ====================
.
2014-07-23 17:29:43   110296   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 01:14:44   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 01:14:44   699056   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2014-06-06 10:47:08   4558848   ----a-w-   c:\windows\system32\GPhotos.scr
2014-05-12 11:26:02   53208   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25:54   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-05-12 10:58:33   107736   ----a-w-   c:\windows\system32\drivers\48230029.sys
.
============= FINISH: 13:39:27.73 ===============

I got this message at the top of the Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)

~*~*~*~*~*~*~

So, please advise if I have to attach this one in full.  Thank you.

Corrine



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

LindaEllis

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/26/2012 7:37:50 PM
System Uptime: 7/23/2014 11:32:50 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel(R) Pentium(R) Dual  CPU  E2180  @ 2.00GHz | Socket 775 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 185.199 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP689: 4/25/2014 2:17:53 PM - System Checkpoint
RP690: 4/26/2014 3:10:34 PM - System Checkpoint
RP691: 4/27/2014 3:12:48 PM - System Checkpoint
RP692: 4/28/2014 4:23:14 PM - System Checkpoint
RP693: 4/29/2014 5:25:11 PM - System Checkpoint
RP694: 4/30/2014 3:26:57 PM - Installed Windows XP --  Software Updates KB952011.
RP695: 5/1/2014 4:13:34 PM - System Checkpoint
RP696: 5/2/2014 7:00:11 AM - Software Distribution Service 3.0
RP697: 5/3/2014 8:07:38 AM - System Checkpoint
RP698: 5/4/2014 12:01:22 PM - System Checkpoint
RP699: 5/5/2014 12:15:02 PM - System Checkpoint
RP700: 5/6/2014 3:43:52 PM - System Checkpoint
RP701: 5/7/2014 5:24:40 PM - System Checkpoint
RP702: 5/8/2014 6:05:26 PM - System Checkpoint
RP703: 5/9/2014 9:47:39 PM - System Checkpoint
RP704: 5/10/2014 11:44:52 PM - System Checkpoint
RP705: 5/12/2014 8:14:06 AM - System Checkpoint
RP706: 5/13/2014 10:11:08 AM - System Checkpoint
RP707: 5/14/2014 6:07:46 AM - Software Distribution Service 3.0
RP708: 5/15/2014 6:31:51 AM - System Checkpoint
RP709: 5/16/2014 8:00:51 AM - System Checkpoint
RP710: 5/17/2014 8:02:21 AM - System Checkpoint
RP711: 5/18/2014 11:40:58 AM - System Checkpoint
RP712: 5/19/2014 12:47:12 PM - System Checkpoint
RP713: 5/20/2014 10:17:22 PM - System Checkpoint
RP714: 5/22/2014 6:34:37 AM - System Checkpoint
RP715: 5/23/2014 7:59:36 AM - System Checkpoint
RP716: 5/24/2014 9:54:42 AM - System Checkpoint
RP717: 5/25/2014 5:07:51 PM - System Checkpoint
RP718: 5/26/2014 5:17:54 PM - System Checkpoint
RP719: 5/28/2014 8:01:25 AM - System Checkpoint
RP720: 5/29/2014 12:19:57 PM - System Checkpoint
RP721: 5/30/2014 1:11:46 PM - System Checkpoint
RP722: 5/31/2014 3:08:53 PM - System Checkpoint
RP723: 6/1/2014 5:30:14 PM - System Checkpoint
RP724: 6/2/2014 5:54:08 PM - System Checkpoint
RP725: 6/3/2014 6:14:26 PM - System Checkpoint
RP726: 6/4/2014 6:43:33 PM - System Checkpoint
RP727: 6/5/2014 8:10:15 PM - System Checkpoint
RP728: 6/6/2014 9:22:41 PM - System Checkpoint
RP729: 6/8/2014 12:51:27 PM - System Checkpoint
RP730: 6/9/2014 1:14:30 PM - System Checkpoint
RP731: 6/10/2014 1:30:25 PM - System Checkpoint
RP732: 6/10/2014 10:16:38 PM - Software Distribution Service 3.0
RP733: 6/11/2014 10:21:36 PM - System Checkpoint
RP734: 6/13/2014 7:55:35 AM - System Checkpoint
RP735: 6/14/2014 10:22:55 AM - System Checkpoint
RP736: 6/15/2014 5:39:40 PM - System Checkpoint
RP737: 6/16/2014 6:10:51 PM - System Checkpoint
RP738: 6/17/2014 8:15:52 PM - System Checkpoint
RP739: 6/19/2014 10:19:07 AM - System Checkpoint
RP740: 6/20/2014 11:30:55 AM - System Checkpoint
RP741: 6/21/2014 8:19:12 PM - System Checkpoint
RP742: 6/22/2014 9:28:12 PM - System Checkpoint
RP743: 6/23/2014 10:34:46 PM - System Checkpoint
RP744: 6/25/2014 11:54:24 AM - System Checkpoint
RP745: 6/26/2014 12:44:59 PM - System Checkpoint
RP746: 6/27/2014 7:36:08 PM - System Checkpoint
RP747: 6/28/2014 7:45:17 PM - System Checkpoint
RP748: 6/30/2014 8:03:44 AM - System Checkpoint
RP749: 7/1/2014 8:59:51 AM - System Checkpoint
RP750: 7/2/2014 9:57:24 AM - System Checkpoint
RP751: 7/6/2014 9:13:57 PM - System Checkpoint
RP752: 7/7/2014 10:54:20 PM - System Checkpoint
RP753: 7/8/2014 10:36:24 PM - Software Distribution Service 3.0
RP754: 7/9/2014 10:51:53 PM - System Checkpoint
RP755: 7/10/2014 11:44:48 PM - System Checkpoint
RP756: 7/12/2014 12:20:09 PM - System Checkpoint
RP757: 7/13/2014 8:59:10 PM - System Checkpoint
RP758: 7/15/2014 7:58:12 AM - System Checkpoint
RP759: 7/16/2014 12:11:05 PM - System Checkpoint
RP760: 7/17/2014 12:59:36 PM - System Checkpoint
RP761: 7/18/2014 4:10:15 PM - System Checkpoint
RP762: 7/19/2014 4:35:06 PM - System Checkpoint
RP763: 7/20/2014 5:49:27 PM - System Checkpoint
RP764: 7/21/2014 8:30:40 PM - System Checkpoint
RP765: 7/22/2014 8:46:51 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon Easy-PhotoPrint EX
Canon G.726 WMP-Decoder
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Solution Menu EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCScore
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Dropbox
ESET NOD32 Antivirus
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java 7 Update 10
Java Auto Updater
JavaFX 2.1.1
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
netbrdg
OfotoXMI
PCDADDIN
PCDHELP
Personal Ancestral File Companion 5.5
Picasa 3
QuickTime 7
Realtek High Definition Audio Driver
RootsMagic 6.3.1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SFR
SHASTA
skin0001
SKINXSDK
staticcr
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VPRINTOL
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinPatrol
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
7/17/2014 9:08:57 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
.
==== End Of File ===========================

Corrine

Excellent!  First, Linda, I'm going to give you some security advice since I know you need to continue using Windows XP for the time being.  Then, after dealing with that, we'll take care of the old WinPatrol PLUS items that are showing in your screen copy as "File does not Exist".

1.  Oracle Java  -- Most people do not need Java on their computers.  However, from what I can tell from Picasa 3, which you have installed, it does use Java.  If you are no longer using Picasa 3, I recommend uninstalling both it and Java.  On the other hand, if you do use Picasa 3, although Windows XP is no longer supported by Oracle Java, you can still get updates until July, 2015. 

To continue using Java, you need to install the latest updates since they contained fixes for critical security vulnerabilities.  Even though you use Firefox, you need to update Java on IE as well.

Use this download link:  Java SE 7u65

Note:  Carefully check when installing and UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

2.  Adobe Reader -- There will be no additional security updates for Adobe Reader because it has reached end of support (see End of support | Acrobat and Reader for Windows XP).  As a result, I suggest you consider uninstalling Adobe Reader and installing an alternate reader.  Personally, I like Sumatra PDF and have used it for years.  It isn't a target and doesn't include unwanted extras with the install or updates.  Additional information is available in my blog post, Replacing Adobe Reader with Sumatra PDF.

3.  Ok, after you've digested the above and updated or uninstalled Java, please do the following:

Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.

