Ran a setup.exe from unknown source and something tried to export my VPN key (saw my VPN info on screen waiting for password to export) and received a bunch of svchost popups for outbound firewall, all of which I blocked.
Rebooted machine, ran Trojan Remover and Malware Bytes quick scan, which found nothing. Also ran Malware Bytes full scan of C drive with nothing found.
Found 3 folders (from time of incident) under my Roaming folder (C:\Users\John\AppData\Roaming) with various files---deleted all 3 folders.
Any ideas what this is? I want to make sure it is all gone.
During all the svchost popups from my NIS firewall, they wouldn't stop even though I kept clikcing not allowed so I eventually rebooted while setup.exe running.
UPDATE: This setup.exe was run around 1:30pm on 4/20/2012.
I did find this: https://www.torproject.org/docs/hidden-services.html.en
Edited by luddy, 21 April 2012 - 10:57 AM.