Link to home
Start Free TrialLog in
Avatar of OverSeer
OverSeerFlag for United States of America

asked on

How can I remove the "Winhole" trojan?

GFI Languard is detecting 1081 (Winhole) open on one of my systems... Any idea how to close it / remove it?  Windows Server 2003 SP2
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Use Malwarebytes to remove the system.
Avatar of OverSeer

ASKER

Malwarebytes only showed 2 registry entries that didn't even have to deal with Winhole...  Any other ideas?
Winhole is usually a port that is opened for the trojan. Do Highjack scan and post the log please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:12 PM, on 4/16/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\Infrastructure\VMware Capacity Planner\vcpCollector.exe
C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\ISC601\AppServer\bin\wasservice.exe
C:\Program Files\IBM\ISC601\PortalServer\ISCEclipse\EclipseSvc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\IBM\ISC601\AppServer\java\bin\javaw.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
C:\Program Files\IBM\ISC601\AppServer\java\bin\java.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe
C:\PROGRA~1\Tivoli\TSM\Server\dsmsvc.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\Program Files\Tivoli\TSM\console\tsmreptsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\VMware\VMware License Server\lmgrd.exe
C:\Program Files\VMware\Infrastructure\Converter Enterprise\vmware-converter.exe
C:\Program Files\VMware\VMware License Server\VMWARELM.exe
C:\Program Files\VMware\Infrastructure\Update Manager\vmware-updatemgr.exe
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe
C:\Program Files\VMware\Infrastructure\Update Manager\rdevServer.exe
C:\Program Files\VMware\Infrastructure\Update Manager\vum-webServer.exe
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\tomcat\bin\Tomcat5.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\VMware\Infrastructure\Update Manager\jre-1.5.0-12\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/default.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Mepco
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - Global Startup: PowerPath Monitor.lnk = C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://intranet/default.aspx
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://10.2.3.254/xplugxLiteTW.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230573154018
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230573147128
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emepco.com
O17 - HKLM\Software\..\Telephony: DomainName = emepco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8C9DEB-B192-4C9D-A173-17D64FD23972}: NameServer = 10.2.3.10,10.2.2.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49CD4DC-BCE4-4EE7-9C63-ABF4D83B940A}: NameServer = 10.2.3.10,10.2.2.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emepco.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: VMware Capacity Planner Service (Collector) - VMware ,Inc. - C:\Program Files\VMware\Infrastructure\VMware Capacity Planner\vcpCollector.exe
O23 - Service: IP4700 Trap Catcher (DTCserver) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\dtcsrv.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: EMC PowerPath Service 4.5.1 (EmcPowSrv) - EMC Corporation - C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
O23 - Service: IBM WebSphere Application Server V6 - ISC 6.0.1 Runtime Service (IBMWAS6Service - ISC 6.0.1 Runtime Service) - Unknown owner - C:\Program Files\IBM\ISC601\AppServer\bin\wasservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISC 6.0.1 Help Service - Unknown owner - C:\Program Files\IBM\ISC601\PortalServer\ISCEclipse\EclipseSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Navisphere Agent (Navisphere_Agent) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
O23 - Service: ONC/RPC Portmapper (oncportmap) - Unknown owner - C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
O23 - Service: QLogic Management Suite Java Agent (QLManagementAgentJava) - Unknown owner - C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TSM Client Acceptor - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe
O23 - Service: TSM Remote Client Agent - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmagent.exe
O23 - Service: TSM Scheduler - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
O23 - Service: TSM Server1 - IBM Corporation - C:\PROGRA~1\Tivoli\TSM\Server\dsmsvc.exe
O23 - Service: TSM SQL backups - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
O23 - Service: TSMReptSvc - IBM Corporation - C:\Program Files\Tivoli\TSM\console\tsmreptsvc.exe
O23 - Service: VMware Mount Service for VirtualCenter (vmountVpx) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vmount2.exe
O23 - Service: VMware License Server - Macrovision Corporation - C:\Program Files\VMware\VMware License Server\lmgrd.exe
O23 - Service: VMware Converter Enterprise Service (vmware-converter) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\Converter Enterprise\vmware-converter.exe
O23 - Service: VMware Update Manager Service (vmware-ufad-vci) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\Update Manager\vmware-updatemgr.exe
O23 - Service: VMware VirtualCenter Server (vpxd) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe
O23 - Service: VMware Infrastructure Web Access (webAccess) - Apache Software Foundation - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\tomcat\bin\Tomcat5.exe

--
End of file - 10101 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:12 PM, on 4/16/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\Infrastructure\VMware Capacity Planner\vcpCollector.exe
C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\ISC601\AppServer\bin\wasservice.exe
C:\Program Files\IBM\ISC601\PortalServer\ISCEclipse\EclipseSvc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\IBM\ISC601\AppServer\java\bin\javaw.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
C:\Program Files\IBM\ISC601\AppServer\java\bin\java.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe
C:\PROGRA~1\Tivoli\TSM\Server\dsmsvc.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\Program Files\Tivoli\TSM\console\tsmreptsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\VMware\VMware License Server\lmgrd.exe
C:\Program Files\VMware\Infrastructure\Converter Enterprise\vmware-converter.exe
C:\Program Files\VMware\VMware License Server\VMWARELM.exe
C:\Program Files\VMware\Infrastructure\Update Manager\vmware-updatemgr.exe
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe
C:\Program Files\VMware\Infrastructure\Update Manager\rdevServer.exe
C:\Program Files\VMware\Infrastructure\Update Manager\vum-webServer.exe
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\tomcat\bin\Tomcat5.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\VMware\Infrastructure\Update Manager\jre-1.5.0-12\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/default.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Mepco
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - Global Startup: PowerPath Monitor.lnk = C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://intranet/default.aspx
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://10.2.3.254/xplugxLiteTW.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230573154018
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230573147128
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emepco.com
O17 - HKLM\Software\..\Telephony: DomainName = emepco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8C9DEB-B192-4C9D-A173-17D64FD23972}: NameServer = 10.2.3.10,10.2.2.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49CD4DC-BCE4-4EE7-9C63-ABF4D83B940A}: NameServer = 10.2.3.10,10.2.2.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emepco.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: VMware Capacity Planner Service (Collector) - VMware ,Inc. - C:\Program Files\VMware\Infrastructure\VMware Capacity Planner\vcpCollector.exe
O23 - Service: IP4700 Trap Catcher (DTCserver) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\dtcsrv.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: EMC PowerPath Service 4.5.1 (EmcPowSrv) - EMC Corporation - C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
O23 - Service: IBM WebSphere Application Server V6 - ISC 6.0.1 Runtime Service (IBMWAS6Service - ISC 6.0.1 Runtime Service) - Unknown owner - C:\Program Files\IBM\ISC601\AppServer\bin\wasservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISC 6.0.1 Help Service - Unknown owner - C:\Program Files\IBM\ISC601\PortalServer\ISCEclipse\EclipseSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Navisphere Agent (Navisphere_Agent) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
O23 - Service: ONC/RPC Portmapper (oncportmap) - Unknown owner - C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
O23 - Service: QLogic Management Suite Java Agent (QLManagementAgentJava) - Unknown owner - C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TSM Client Acceptor - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe
O23 - Service: TSM Remote Client Agent - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmagent.exe
O23 - Service: TSM Scheduler - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
O23 - Service: TSM Server1 - IBM Corporation - C:\PROGRA~1\Tivoli\TSM\Server\dsmsvc.exe
O23 - Service: TSM SQL backups - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
O23 - Service: TSMReptSvc - IBM Corporation - C:\Program Files\Tivoli\TSM\console\tsmreptsvc.exe
O23 - Service: VMware Mount Service for VirtualCenter (vmountVpx) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vmount2.exe
O23 - Service: VMware License Server - Macrovision Corporation - C:\Program Files\VMware\VMware License Server\lmgrd.exe
O23 - Service: VMware Converter Enterprise Service (vmware-converter) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\Converter Enterprise\vmware-converter.exe
O23 - Service: VMware Update Manager Service (vmware-ufad-vci) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\Update Manager\vmware-updatemgr.exe
O23 - Service: VMware VirtualCenter Server (vpxd) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe
O23 - Service: VMware Infrastructure Web Access (webAccess) - Apache Software Foundation - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\tomcat\bin\Tomcat5.exe

ASKER CERTIFIED SOLUTION
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial