Solved

How can I remove the "Winhole" trojan?

Posted on 2009-04-16
Last Modified: 2012-05-06
GFI LANguard is detecting 1081 (Winhole) open on one of my systems... Any idea how to close it / remove it? Windows Server 2003 SP2
0
Question by:OverSeer
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 24161150
Use Malwarebytes to remove the system.
0
 
LVL 5

Author Comment

by:OverSeer
ID: 24162258
Malwarebytes only showed 2 registry entries that didn't even have to deal with Winhole...  Any other ideas?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 24162450
Winhole is usually a port that is opened for the trojan. Do a HijackThis scan and post the log please.
0
 
LVL 5

Author Comment

by:OverSeer
ID: 24162803
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:12 PM, on 4/16/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\Infrastructure\VMware Capacity Planner\vcpCollector.exe
C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\ISC601\AppServer\bin\wasservice.exe
C:\Program Files\IBM\ISC601\PortalServer\ISCEclipse\EclipseSvc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\IBM\ISC601\AppServer\java\bin\javaw.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
C:\Program Files\IBM\ISC601\AppServer\java\bin\java.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe
C:\PROGRA~1\Tivoli\TSM\Server\dsmsvc.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\Program Files\Tivoli\TSM\console\tsmreptsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\VMware\VMware License Server\lmgrd.exe
C:\Program Files\VMware\Infrastructure\Converter Enterprise\vmware-converter.exe
C:\Program Files\VMware\VMware License Server\VMWARELM.exe
C:\Program Files\VMware\Infrastructure\Update Manager\vmware-updatemgr.exe
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe
C:\Program Files\VMware\Infrastructure\Update Manager\rdevServer.exe
C:\Program Files\VMware\Infrastructure\Update Manager\vum-webServer.exe
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\tomcat\bin\Tomcat5.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\VMware\Infrastructure\Update Manager\jre-1.5.0-12\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/default.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Mepco
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - Global Startup: PowerPath Monitor.lnk = C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://intranet/default.aspx
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} (Gif89 xLite Class) - http://10.2.3.254/xplugxLiteTW.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230573154018
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230573147128
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emepco.com
O17 - HKLM\Software\..\Telephony: DomainName = emepco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8C9DEB-B192-4C9D-A173-17D64FD23972}: NameServer = 10.2.3.10,10.2.2.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49CD4DC-BCE4-4EE7-9C63-ABF4D83B940A}: NameServer = 10.2.3.10,10.2.2.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emepco.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: VMware Capacity Planner Service (Collector) - VMware ,Inc. - C:\Program Files\VMware\Infrastructure\VMware Capacity Planner\vcpCollector.exe
O23 - Service: IP4700 Trap Catcher (DTCserver) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\dtcsrv.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: EMC PowerPath Service 4.5.1 (EmcPowSrv) - EMC Corporation - C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
O23 - Service: IBM WebSphere Application Server V6 - ISC 6.0.1 Runtime Service (IBMWAS6Service - ISC 6.0.1 Runtime Service) - Unknown owner - C:\Program Files\IBM\ISC601\AppServer\bin\wasservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISC 6.0.1 Help Service - Unknown owner - C:\Program Files\IBM\ISC601\PortalServer\ISCEclipse\EclipseSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Navisphere Agent (Navisphere_Agent) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
O23 - Service: ONC/RPC Portmapper (oncportmap) - Unknown owner - C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
O23 - Service: QLogic Management Suite Java Agent (QLManagementAgentJava) - Unknown owner - C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TSM Client Acceptor - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe
O23 - Service: TSM Remote Client Agent - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmagent.exe
O23 - Service: TSM Scheduler - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
O23 - Service: TSM Server1 - IBM Corporation - C:\PROGRA~1\Tivoli\TSM\Server\dsmsvc.exe
O23 - Service: TSM SQL backups - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
O23 - Service: TSMReptSvc - IBM Corporation - C:\Program Files\Tivoli\TSM\console\tsmreptsvc.exe
O23 - Service: VMware Mount Service for VirtualCenter (vmountVpx) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vmount2.exe
O23 - Service: VMware License Server - Macrovision Corporation - C:\Program Files\VMware\VMware License Server\lmgrd.exe
O23 - Service: VMware Converter Enterprise Service (vmware-converter) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\Converter Enterprise\vmware-converter.exe
O23 - Service: VMware Update Manager Service (vmware-ufad-vci) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\Update Manager\vmware-updatemgr.exe
O23 - Service: VMware VirtualCenter Server (vpxd) - VMware, Inc. - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe
O23 - Service: VMware Infrastructure Web Access (webAccess) - Apache Software Foundation - C:\Program Files\VMware\Infrastructure\VirtualCenter Server\tomcat\bin\Tomcat5.exe

--
End of file - 10101 bytes

0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 750 total points
ID: 24162842
Have you restarted the system since you ran Malwarebytes? Do this. Then see if the alert appears again.
0
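
A scanner that reports "1081 (Winhole)" is matching on the port number only, so the first triage step is to find which process actually holds the port. The following is an added example, not part of the original thread: it joins `netstat -ano` output with `tasklist /svc /fo csv` output to name the owner of a flagged port. The sample outputs, addresses, PIDs and `example_agent.exe` are constructed for illustration.

```python
import csv
import io

# Constructed samples (not from the thread): output of `netstat -ano` and
# `tasklist /svc /fo csv` as they would be captured on the flagged host.
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:1081           0.0.0.0:0              LISTENING       2304
  TCP    192.0.2.10:1433        0.0.0.0:0              LISTENING       1740
  TCP    192.0.2.10:3389        192.0.2.77:1081        ESTABLISHED     3120
  UDP    0.0.0.0:1081           *:*                                    2304
"""

TASKLIST_SVC_CSV = """\
"Image Name","PID","Services"
"svchost.exe","812","RpcSs"
"sqlservr.exe","1740","MSSQLSERVER"
"example_agent.exe","2304","ExampleAgent"
"svchost.exe","3120","TermService"
"""

# Windows Server 2003 hands out dynamic ports from 1025-5000 by default, so a
# socket in this range can belong to any ordinary service or client.
DYNAMIC_RANGE_2003 = range(1025, 5001)


def parse_netstat(text):
    """Return one dict per TCP/UDP socket line of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        addr, _, port = f[1].rpartition(":")  # rpartition copes with [::]:1081
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""  # UDP has no state
        rows.append({"proto": f[0], "addr": addr, "port": int(port),
                     "state": state, "pid": int(f[-1])})
    return rows


def parse_tasklist(text):
    """Map PID -> (image name, services) from `tasklist /svc /fo csv`."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): (r["Image Name"], r["Services"]) for r in reader}


def owners_of_port(port, netstat_text, tasklist_text):
    """Processes a remote scanner would reach on `port`: TCP listeners and
    bound UDP sockets, matched on the LOCAL port only."""
    procs = parse_tasklist(tasklist_text)
    hits = []
    for r in parse_netstat(netstat_text):
        if r["port"] != port:
            continue
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue  # an established session is not an open port
        image, services = procs.get(r["pid"], ("<unknown>", ""))
        hits.append({"proto": r["proto"], "addr": r["addr"], "pid": r["pid"],
                     "image": image, "services": services,
                     "in_dynamic_range": port in DYNAMIC_RANGE_2003})
    return hits


if __name__ == "__main__":
    for hit in owners_of_port(1081, NETSTAT_ANO, TASKLIST_SVC_CSV):
        print(hit)
```

Once the image name and service are known, the binary's path, publisher and install history can be checked against the services listed in the HijackThis log before anything is removed.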
