Hi -
I previously found the above Trojan on my computer. I think I have removed it but would like some assistance reviewing the files and running other programs to ensure it is gone. I have Kaspersky and the latest Quick Scan does not show anything. I do not know if it is related, but in May I had issues as well which I believe I fixed by deleting the infected files. I'm attaching bellow the MBAM file from today's scan (it is clean) and the DDM files. At the bottom I'm attaching the MBAM file from May for your reference.
Thanks for your help.
J
ps: it says I'm over 50k characters, so, I'm going to reply to include the file from May.
--------------------
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/14/2014
Scan Time: 8:18:30 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.14.12
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Sandy Family
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273404
Time Elapsed: 6 min, 48 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-----------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207
Run by Sandy Family at 20:37:16 on 2014-08-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3510.1837 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Sandy Family\AppData\Local\Box\Box Edit\Box Edit.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
--------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/8/2014 7:42:16 AM
System Uptime: 8/14/2014 8:30:06 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | CPU 1 | 2534/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 177.681 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 9.183 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Reader XI (11.0.08)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BioAPI Framework
Bonjour
Box Edit
D3DX10
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlVault Host Components Installer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iTunes
Junk Mail filter update
Kaspersky Internet Security
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2013 - en-us
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Photo Common
Photo Gallery
Preboot Manager
Private Information Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Wizards
SES Driver
SmartMusic
Trusted Drive Manager
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/14/2014 8:30:23 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
.
==== End Of File ===========================
I previously found the above Trojan on my computer. I think I have removed it but would like some assistance reviewing the files and running other programs to ensure it is gone. I have Kaspersky and the latest Quick Scan does not show anything. I do not know if it is related, but in May I had issues as well which I believe I fixed by deleting the infected files. I'm attaching bellow the MBAM file from today's scan (it is clean) and the DDM files. At the bottom I'm attaching the MBAM file from May for your reference.
Thanks for your help.
J
ps: it says I'm over 50k characters, so, I'm going to reply to include the file from May.
--------------------
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/14/2014
Scan Time: 8:18:30 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.14.12
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Sandy Family
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273404
Time Elapsed: 6 min, 48 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-----------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207
Run by Sandy Family at 20:37:16 on 2014-08-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3510.1837 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Sandy Family\AppData\Local\Box\Box Edit\Box Edit.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
--------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/8/2014 7:42:16 AM
System Uptime: 8/14/2014 8:30:06 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | CPU 1 | 2534/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 177.681 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 9.183 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Reader XI (11.0.08)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BioAPI Framework
Bonjour
Box Edit
D3DX10
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlVault Host Components Installer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iTunes
Junk Mail filter update
Kaspersky Internet Security
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2013 - en-us
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Photo Common
Photo Gallery
Preboot Manager
Private Information Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Wizards
SES Driver
SmartMusic
Trusted Drive Manager
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/14/2014 8:30:23 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
.
==== End Of File ===========================