Technical information:

| Icon status | Visible |
| Icon setting | Hidden when inactive |
| Executable file | C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe |
| Version | 17.0.2010.0 |
| Parent process | C:\Windows\explorer.exe |
| Can be uninstalled | Yes |
| Autorun | Started from registry |
| Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| Value | WinPatrol |
| Encrypted | No |
| Size on disk | 313.3 Kb |
| Minimum recorded memory usage | 2.5 Mb |
| Average recorded memory usage | 2.5 Mb |
| Maximum recorded memory usage | 2.5 Mb |
| Date when maximum memory usage occurred | 19-2-2010 8:30:45 |
| Minimum recorded CPU usage | 0% |
| Average recorded CPU usage | 0% |
| Maximum recorded CPU usage | 0% |
| Date when maximum CPU usage occurred | 19-2-2010 8:30:45 |
| Started at | 19-2-2010 7:54:38 |
| Total CPU time | 3 seconds |
| Imported functions | Imported from KERNEL32.dll: GetWindowsDirectoryA WriteFile GlobalAlloc GlobalUnlock FindFirstFileA CopyFileA GlobalFree FindClose FindNextFileA GetFileAttributesA SetFileAttributesA FreeLibrary HeapAlloc HeapFree GetProcessHeap OpenProcess GetProcAddress LoadLibraryA GetVersionExA CloseHandle GetTickCount FormatMessageA FileTimeToLocalFileTime LocalFree FileTimeToSystemTime DeleteFileA GetSystemDirectoryA GetEnvironmentVariableA GetShortPathNameA CreateDirectoryA GetLastError CreateFileA GetFileSize GetLocalTime WritePrivateProfileStringA GetProfileStringA GetModuleFileNameA GetFileTime Sleep GetExitCodeProcess TerminateProcess GetTempPathA MoveFileA SetFilePointer ExpandEnvironmentStringsA lstrcatA WriteProfileStringA lstrcpyA SearchPathA _lclose CreateProcessA MultiByteToWideChar lstrcmpA GetStringTypeW GetStringTypeA LeaveCriticalSection EnterCriticalSection GetConsoleMode GetConsoleCP GetSystemTimeAsFileTime GetCurrentProcessId QueryPerformanceCounter VirtualFree HeapCreate HeapDestroy DeleteCriticalSection GetFileType SetHandleCount GetEnvironmentStringsW FreeEnvironmentStringsW GetEnvironmentStrings FreeEnvironmentStringsA GetStdHandle ExitProcess LCMapStringW LCMapStringA GetCurrentThreadId SetLastError TlsFree TlsSetValue TlsAlloc TlsGetValue GetModuleHandleA IsValidCodePage GetOEMCP GetACP InterlockedDecrement InterlockedIncrement GetCPInfo IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess GlobalLock OpenFile SetErrorMode lstrlenA _lread lstrcmpiA WinExec GetLocaleInfoA InitializeCriticalSection VirtualAlloc HeapReAlloc RtlUnwind SetStdHandle WriteConsoleA GetConsoleOutputCP WriteConsoleW HeapSize FlushFileBuffers WideCharToMultiByte GetStartupInfoA GetCommandLineA
Imported from USER32.dll: FindWindowA GetDlgItem CreateWindowExA DefWindowProcA GetCursorPos CreatePopupMenu AppendMenuA PostMessageA DestroyWindow GetMessageA DispatchMessageA SetTimer PostQuitMessage LoadCursorA LoadIconA RegisterClassA RegisterWindowMessageA TranslateMessage TrackPopupMenuEx UpdateWindow GetWindowThreadProcessId IsWindow GetSystemMetrics GetWindowRect wsprintfA InvalidateRect LoadStringA SetForegroundWindow DialogBoxParamA MessageBoxExA EndDialog SetWindowPos ShowWindow SetWindowTextA EnableWindow SetDlgItemTextA SendDlgItemMessageA KillTimer
Imported from ADVAPI32.dll: RegCloseKey GetServiceKeyNameA GetServiceDisplayNameA StartServiceA CloseServiceHandle ControlService OpenSCManagerA OpenServiceA QueryServiceStatus RegDeleteValueA RegCreateKeyA RegQueryValueExA RegSetValueExA RegEnumKeyA RegOpenKeyA RegQueryValueA RegOpenKeyExA RegEnumValueA RegEnumKeyExA RegDeleteKeyA RegQueryInfoKeyA
|
| Some relevant texts from the exe file | |