Is Winpower Safe? Please Check My Log


This topic is locked. 3 replies to this topic.

#1 persiancity (Members, 2 posts)

Posted 15 June 2008 - 11:39 AM

Hello,

I downloaded a UPS monitoring software from this website:

http://www.ups-software-download.com/winpower.htm

and I want to make sure that this software is safe. I installed it in E:\Programs\Winpower. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:21 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Programs\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Stuff\Tools\ModernClock.exe
E:\Programs\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Programs\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
E:\Programs\Apache Software Foundation\Apache2.2\bin\httpd.exe
E:\Programs\Apache Software Foundation\Apache2.2\bin\httpd.exe
E:\Programs\Winpower\Winpower.exe
E:\Programs\Winpower\jre\bin\javaw.exe
E:\Programs\Winpower\monitor.exe
E:\Programs\Winpower\jre\bin\javaw.exe
E:\Programs\Winpower\wpRMI.exe
E:\Programs\Winpower\jre\bin\javaw.exe
E:\Programs\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programs\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programs\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - E:\Programs\STARDO~1\SDIEInt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programs\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Programs\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Winpower] E:\Programs\Winpower\Winpower.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModernClock] E:\Stuff\Tools\ModernClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = E:\Programs\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: chkHosts.lnk = E:\Stuff\Tools\chkHosts.exe
O8 - Extra context menu item: Download with Star Downloader - E:\Programs\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Programs\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programs\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programs\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programs\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Programs\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Programs\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: http://*.adobe.com
O15 - Trusted Zone: http://*.sourceforge.net
O15 - Trusted Zone: http://s6.travian.com
O23 - Service: Apache2 - Apache Software Foundation - E:\Programs\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apache2_php5 - Apache Software Foundation - E:\Programs\Apache Software Foundation\Apache2.2_2\bin\httpd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Programs\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - E:\Programs\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Programs\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe
O23 - Service: Winpowermanager - Macrovision - E:\Programs\Winpower\manager.exe
O23 - Service: Winpowermonitor - Macrovision - E:\Programs\Winpower\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - E:\Programs\Winpower\wpRMI.exe

--
End of file - 8004 bytes


Also, here is a log of the programs which are accessing the internet. Please look at this too. I saw that the javaw from Winpower is listed here:

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
1420 inetinfo -> 25 TCP D:\WINDOWS\system32\inetsrv\inetinfo.exe
1420 inetinfo -> 80 TCP D:\WINDOWS\system32\inetsrv\inetinfo.exe
836 -> 135 TCP
1420 inetinfo -> 443 TCP D:\WINDOWS\system32\inetsrv\inetinfo.exe
4 System -> 445 TCP
1420 inetinfo -> 1025 TCP D:\WINDOWS\system32\inetsrv\inetinfo.exe
2304 -> 1027 TCP
2668 ccApp -> 1049 TCP D:\Program Files\Common Files\Symantec Shared\ccApp.exe
1364 javaw -> 1939 TCP E:\Programs\Winpower\jre\bin\javaw.exe
2024 javaw -> 1944 TCP E:\Programs\Winpower\jre\bin\javaw.exe
2024 javaw -> 1945 TCP E:\Programs\Winpower\jre\bin\javaw.exe
1364 javaw -> 2099 TCP E:\Programs\Winpower\jre\bin\javaw.exe
0 System -> 2207 TCP
0 System -> 2248 TCP
0 System -> 2251 TCP
0 System -> 2252 TCP
0 System -> 2253 TCP
0 System -> 2254 TCP
0 System -> 2255 TCP
0 System -> 2256 TCP
0 System -> 2257 TCP
0 System -> 2258 TCP
0 System -> 2259 TCP
0 System -> 2260 TCP
0 System -> 2262 TCP
0 System -> 2263 TCP
0 System -> 2264 TCP
0 System -> 2265 TCP
0 System -> 2267 TCP
0 System -> 2268 TCP
0 System -> 2269 TCP
0 System -> 2270 TCP
0 System -> 2271 TCP
0 System -> 2272 TCP
0 System -> 2273 TCP
0 System -> 2274 TCP
0 System -> 2275 TCP
0 System -> 2276 TCP
0 System -> 2277 TCP
0 System -> 2278 TCP
0 System -> 2279 TCP
0 System -> 2281 TCP
0 System -> 2282 TCP
0 System -> 2283 TCP
0 System -> 2284 TCP
0 System -> 2285 TCP
0 System -> 2286 TCP
0 System -> 2288 TCP
0 System -> 2289 TCP
0 System -> 2290 TCP
0 System -> 2291 TCP
0 System -> 2292 TCP
0 System -> 2293 TCP
0 System -> 2294 TCP
0 System -> 2295 TCP
0 System -> 2296 TCP
0 System -> 2297 TCP
0 System -> 2298 TCP
0 System -> 2299 TCP
0 System -> 2300 TCP
0 System -> 2301 TCP
0 System -> 2302 TCP
0 System -> 2303 TCP
0 System -> 2305 TCP
0 System -> 2306 TCP
0 System -> 2307 TCP
0 System -> 2308 TCP
0 System -> 2309 TCP
0 System -> 2310 TCP
0 System -> 2311 TCP
0 System -> 2312 TCP
0 System -> 2313 TCP
0 System -> 2314 TCP
0 System -> 2315 TCP
0 System -> 2316 TCP
0 System -> 2317 TCP
0 System -> 2318 TCP
0 System -> 2319 TCP
0 System -> 2320 TCP
0 System -> 2321 TCP
0 System -> 2323 TCP
0 System -> 2325 TCP
0 System -> 2326 TCP
0 System -> 2327 TCP
0 System -> 2328 TCP
0 System -> 2329 TCP
0 System -> 2330 TCP
0 System -> 2332 TCP
0 System -> 2333 TCP
0 System -> 2334 TCP
0 System -> 2336 TCP
0 System -> 2337 TCP
0 System -> 2338 TCP
0 System -> 2339 TCP
0 System -> 2340 TCP
0 System -> 2341 TCP
0 System -> 2342 TCP
0 System -> 2343 TCP
0 System -> 2346 TCP
0 System -> 2347 TCP
0 System -> 2349 TCP
0 System -> 2350 TCP
0 System -> 2351 TCP
0 System -> 2352 TCP
3652 javaw -> 2360 TCP E:\Programs\Winpower\jre\bin\javaw.exe
0 System -> 2362 TCP
0 System -> 2364 TCP
0 System -> 2365 TCP
0 System -> 2366 TCP
0 System -> 2367 TCP
0 System -> 2368 TCP
0 System -> 2369 TCP
0 System -> 2370 TCP
0 System -> 2371 TCP
0 System -> 2373 TCP
0 System -> 2374 TCP
0 System -> 2375 TCP
0 System -> 2376 TCP
0 System -> 2377 TCP
0 System -> 2378 TCP
0 System -> 2379 TCP
0 System -> 2380 TCP
0 System -> 2381 TCP
0 System -> 2382 TCP
0 System -> 2383 TCP
0 System -> 2384 TCP
0 System -> 2385 TCP
0 System -> 2386 TCP
0 System -> 2387 TCP
0 System -> 2388 TCP
0 System -> 2389 TCP
0 System -> 2390 TCP
0 System -> 2391 TCP
0 System -> 2392 TCP
0 System -> 2393 TCP
0 System -> 2394 TCP
0 System -> 2395 TCP
3508 iexplore -> 2398 TCP D:\Program Files\Internet Explorer\iexplore.exe
3508 iexplore -> 2399 TCP D:\Program Files\Internet Explorer\iexplore.exe
3508 iexplore -> 2400 TCP D:\Program Files\Internet Explorer\iexplore.exe
1496 mysqld-nt -> 3306 TCP E:\Programs\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
3820 httpd -> 8080 TCP E:\Programs\Apache Software Foundation\Apache2.2\bin\httpd.exe

2668 ccApp -> 123 UDP D:\Program Files\Common Files\Symantec Shared\ccApp.exe
2024 javaw -> 123 UDP E:\Programs\Winpower\jre\bin\javaw.exe
1420 inetinfo -> 445 UDP D:\WINDOWS\system32\inetsrv\inetinfo.exe
1420 inetinfo -> 500 UDP D:\WINDOWS\system32\inetsrv\inetinfo.exe
836 -> 1061 UDP
1364 javaw -> 1064 UDP E:\Programs\Winpower\jre\bin\javaw.exe
1420 inetinfo -> 1077 UDP D:\WINDOWS\system32\inetsrv\inetinfo.exe
4 System -> 1079 UDP
1420 inetinfo -> 1115 UDP D:\WINDOWS\system32\inetsrv\inetinfo.exe
1364 javaw -> 1116 UDP E:\Programs\Winpower\jre\bin\javaw.exe
1364 javaw -> 1121 UDP E:\Programs\Winpower\jre\bin\javaw.exe
2024 javaw -> 1900 UDP E:\Programs\Winpower\jre\bin\javaw.exe
1496 mysqld-nt -> 2199 UDP E:\Programs\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
3820 httpd -> 3456 UDP E:\Programs\Apache Software Foundation\Apache2.2\bin\httpd.exe
2304 -> 4500 UDP


Please help me ensure that this software is safe.

Thanks a lot
:thumbsup:
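The following is an added example, not part of persiancity's post and not BleepingComputer's or Winpower's code. It answers the question above in a checkable way: it parses the FPort v2.0 port map and the HijackThis O4/O23 lines, groups each socket by the image that owns it, and lists which autostart entries, services and listening ports belong to the directory the program was installed in, plus the sockets FPort could not attribute to any image. The sample lines embedded in it are constructed to match the shape of the two logs above (the ports and paths are the ones shown there). The FPort column layout it assumes is whitespace-separated, with the process name and path absent when FPort cannot open the process, as on the "836 -> 135 TCP" line; that layout is an assumption taken from the log, not from FPort documentation.

```python
"""Cross-check an FPort port map and a HijackThis log against one install directory.

Added example, not part of the original post. Given the two logs and the
directory a program was installed in, it reports every socket, autostart
entry and service the logs attribute to that directory, and every socket
FPort could not attribute to an image at all.
"""
import re
from collections import defaultdict

# Constructed sample in the FPort v2.0 output shape seen in the post (assumed
# whitespace-separated; process and path columns are absent when FPort could
# not open the process).
FPORT_SAMPLE = r"""Pid Process Port Proto Path
1420 inetinfo -> 80 TCP D:\WINDOWS\system32\inetsrv\inetinfo.exe
836 -> 135 TCP
4 System -> 445 TCP
1364 javaw -> 1939 TCP E:\Programs\Winpower\jre\bin\javaw.exe
2024 javaw -> 1944 TCP E:\Programs\Winpower\jre\bin\javaw.exe
1364 javaw -> 2099 TCP E:\Programs\Winpower\jre\bin\javaw.exe
0 System -> 2207 TCP
3820 httpd -> 8080 TCP E:\Programs\Apache Software Foundation\Apache2.2\bin\httpd.exe
2024 javaw -> 123 UDP E:\Programs\Winpower\jre\bin\javaw.exe
2024 javaw -> 1900 UDP E:\Programs\Winpower\jre\bin\javaw.exe
"""

# Constructed sample of HijackThis O4 (autostart) and O23 (service) lines.
HJT_SAMPLE = r"""O4 - HKLM\..\Run: [Winpower] E:\Programs\Winpower\Winpower.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O23 - Service: Apache2 - Apache Software Foundation - E:\Programs\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: MySQL - Unknown owner - E:\Programs\MySQL\MySQL.exe (file missing)
O23 - Service: Winpowermanager - Macrovision - E:\Programs\Winpower\manager.exe
O23 - Service: WinpowerRMI - Macrovision - E:\Programs\Winpower\wpRMI.exe
"""

# Process name and path are optional so "836 -> 135 TCP" still parses;
# the path is taken to the end of the line because it may contain spaces.
FPORT_LINE = re.compile(
    r"^(?P<pid>\d+)\s+(?:(?P<proc>\S+)\s+)?->\s+(?P<port>\d+)\s+(?P<proto>TCP|UDP)"
    r"(?:\s+(?P<path>.+?))?\s*$"
)
HJT_O4 = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>.+?)\] (?P<cmd>.+?)\s*$")
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?\s*$"
)


def parse_fport(text):
    """Return one dict per socket line; the header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = FPORT_LINE.match(line)
        if not m:
            continue
        sockets.append({
            "pid": int(m["pid"]),
            "process": m["proc"] or "",
            "port": int(m["port"]),
            "proto": m["proto"],
            "path": m["path"] or "",
        })
    return sockets


def parse_hijackthis(text):
    """Return O4 entries as (key, name, command) and O23 entries as
    (service, company, path, file_missing)."""
    autostart, services = [], []
    for line in text.splitlines():
        m = HJT_O4.match(line)
        if m:
            autostart.append((m["key"], m["name"], m["cmd"]))
            continue
        m = HJT_O23.match(line)
        if m:
            services.append((m["name"], m["company"], m["path"], bool(m["missing"])))
    return autostart, services


def _under(path, install_dir):
    """Case-insensitive 'path lives below install_dir' test for Windows paths.
    Surrounding quotes (as in "D:\\Program Files\\...\\ccApp.exe") are ignored."""
    root = install_dir.rstrip("\\").lower() + "\\"
    return path.strip('"').lower().startswith(root)


def profile_install(fport_text, hjt_text, install_dir):
    """Everything the two logs attribute to install_dir, plus the sockets FPort
    could not attribute to an image (those need another tool to resolve)."""
    listeners = defaultdict(list)
    unattributed = []
    for s in parse_fport(fport_text):
        if not s["path"]:
            unattributed.append((s["pid"], s["proto"], s["port"]))
        elif _under(s["path"], install_dir):
            listeners[s["path"]].append((s["proto"], s["port"]))
    autostart, services = parse_hijackthis(hjt_text)
    return {
        "listeners": {p: sorted(v) for p, v in listeners.items()},
        "unattributed": unattributed,
        "autostart": [a for a in autostart if _under(a[2], install_dir)],
        "services": [s for s in services if _under(s[2], install_dir)],
        "file_missing": [s[0] for s in services if s[3]],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(profile_install(FPORT_SAMPLE, HJT_SAMPLE, r"E:\Programs\Winpower"), indent=2))
```

Run as-is it prints the profile for E:\Programs\Winpower as JSON. Two parts of the output deserve a look whatever the verdict on the program: the "unattributed" list (PID 0, PID 4 and the sockets FPort could not map to a path, which need netstat -ano or Process Explorer on the live machine to resolve), and the company column HijackThis shows for the three Winpower services, which in the log above reads Macrovision and is worth checking against the publisher named on the installer you downloaded.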

#2 persiancity (Topic Starter, Members, 2 posts)

Posted 16 June 2008 - 04:40 AM

Any suggestions? :/

#3 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 07 July 2008 - 10:06 AM

Hello persiancity

Welcome to Bleeping Computer :)

Yes, it is indeed safe. :thumbsup: http://www.castlecops.com/o23list-1800.html

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 20 July 2008 - 03:23 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.