Thank you for responding to my previous post and offering help. I wasn't able to read it before today. Thank you VERY much.
Here is the original post
http://www.geekstogo..._1#entry2064640
I followed your instructions are below are the reports. VTR is attached.
VTR found and fixed 15 threats (backdoor.win32.Hupigon.nvki). All those backdoor trojans were related to software installed for a content writing company I contracted for on odesk a year ago. They said it was "safe" and "trusted."
After running VTR and getting rid of the trojans, it seemed like something was going on with computer that I was not doing, like programs opening and closing and the current window I was using minimizing. Got a few background messages that files were being deleted. A black DOS screen popped up that file 83520051 could not be uninstalled (_uninst 85320051).
Thank you again for any help you can provide.
***************************************OTL
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IBP deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71d7300a-3cd6-11df-b25a-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71d7300a-3cd6-11df-b25a-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71d7300a-3cd6-11df-b25a-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71d7300a-3cd6-11df-b25a-00038a000015}\ not found.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beeaf9fa-d818-11e0-b232-ca011f7ec84b}\ not found.
File F:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2dc51fa-d8d4-11e0-a567-e82bd520cc49}\ not found.
File F:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e0457e-1fbe-11df-9297-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e0457e-1fbe-11df-9297-00038a000015}\ not found.
File F:\Connect.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1f7b803-b1d8-11df-aa50-ec20cd1f4623}\ not found.
File G:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\start.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: econtent
->Temp folder emptied: 43346869 bytes
->Temporary Internet Files folder emptied: 353455223 bytes
->Java cache emptied: 7348148 bytes
->FireFox cache emptied: 43781830 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 8151905 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219989057 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 34295 bytes
Total Files Cleaned = 646.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: econtent
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.29.1 log created on 10242011_164959
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
*************************************** GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-24 18:05:07
Windows 6.0.6002 Service Pack 2
Running: busdrkmz.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e1c406d
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e1c406d (not active ControlSet)
---- EOF - GMER 1.0.15 ----
*************************************************VTR
VTR is attached.
Edited by adamsmom, 25 October 2011 - 12:03 AM.
Sign In
Create Account
