context menu hiding behind active window


  1. Posts : 1,810
    Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
       #11

    I would like to see the log of Malwarebytes. Are we saying Malwarebytes found 49 instances of a rootkit, or you ran the scan with rootkit enabled and you got 49 hits total? I'm not certain but I think when you perform a custom scan it does a deeper scan than the quick scan by default, so finding 49 instances of something isn't that concerning. 49 instances of a rootkit specifically? Time to wipe and reinstall.


  2. Posts : 8
    Windows 7 Ultimate x64
    Thread Starter
       #12

    Here's the Malwarebytes log. I don't know the severity of the issues found. I can do a reinstall if that's what you all recommend.


    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 3/29/2015
    Scan Time: 8:26:28 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.30.01
    Rootkit Database: v2015.03.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Riddick51PB

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 543506
    Time Elapsed: 16 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 41
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{1112dad7-ff1a-4335-9f07-a6ad0837d324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_.9, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_.9, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}\INPROCSERVER32, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{40a471db-a12b-4107-be22-8089c29b89fe}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_.9, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_.9, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{40A471DB-A12B-4107-BE22-8089C29B89FE}\INPROCSERVER32, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{5591778b-6cf6-4344-8109-f89fd009d415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{5591778B-6CF6-4344-8109-F89FD009D415}\INPROCSERVER32, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.IntelliTerm.A, HKLM\SOFTWARE\WOW6432NODE\IntelliTerm_1.10.0.8, Quarantined, [70b061e93852ee48caa9d77449bc619f],
    PUP.Optional.IntelliTerm.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\itnfd_1_10_0_8, Quarantined, [819f0f3b3a5085b19fd222297e87768a],
    PUP.Optional.Squeaky.A, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Squeaky, Quarantined, [7da3f1593a50f73f6078c3fa0bf8e41c],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.CouponPeak.A, C:\Program Files (x86)\CouponpeAk, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],

    Files: 7
    PUP.Optional.Multiplug, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.x64.dll, Quarantined, [76aa29210a80df57576a55e3fb07e719],
    PUP.Optional.Multiplug, C:\Program Files (x86)\ExxteraShopPer\FWNO0TVR9CiF6q.x64.dll, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
    PUP.Optional.Multiplug, C:\Program Files (x86)\shopNdroup\6tkQyBmnwHsOfS.x64.dll, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.dll, Quarantined, [e43c56f44743c076e1baa68bcb376b95],
    PUP.Optional.CouponPeak.A, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.dat, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.CouponPeak.A, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.tlb, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
    PUP.Optional.Binkiland.A, C:\Users\Riddick51PB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://binkiland.com/?f=1&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0C0CtByC0EyC0A0A0D0EtN0D0Tzu0StCtCtAyCtN1L2XzutAt FyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0BtD0CtA0ByEzytGyCtDtA0EtGyD0ByDyCtGyDyD0 AtBtGyBtByEtCtD0B0FyB0C0AyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtB0A0DtA0C0DyCtG0E0D0B0AtGyE0EzzyBtG0BtAzzy EtGyEtCyBzy0F0EyB0AyB0A0Bzy2Q&cr=498679009&ir=",), Replaced,[c55b54f6f397c86e9414152431d521df]

    Physical Sectors: 0
    (No malicious items detected)


    (end)


  3. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #13

    One hell of a list you got there.
    They all seem to be PUPs. I would have them on my system. I would remove them all from my system, reboot and run Malwarebytes again. I don't see any rootkits. Then I would do a quick clean using Ccleaner without using the Registry section.
    Reboot and see how things work.

    Then I would use AdwCleaner from the Bleeping Computer site. Make sure you tick on the big blue box Download Now @ Bleeping Computer and nowhere else.

    AdwCleaner Download


    PUP (potentially unwanted program)


    Last edited by Layback Bear; 30 Mar 2015 at 09:03. Reason: added picture
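
The question raised in #11 (a rootkit, or just a count of hits with rootkit scanning enabled?) can be answered mechanically from a log in this layout. The sketch below is an added example, not part of any post in this thread and not Malwarebytes' own tooling; the sample log is constructed with placeholder paths, GUIDs and ids, and treating the `PUP`/`PUM` name prefixes as the low-severity class is an assumption.

```python
import re
from collections import Counter

# Detection sections as they appear in the log posted above.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# name, path (may itself contain commas), action, [32-hex id], optional trailing comma
ITEM = re.compile(r"^([^,]+), (.*),\s*\[([0-9a-f]{32})\],?$")

# Constructed sample in the same layout; paths, GUIDs and ids are placeholders.
SAMPLE_LOG = r"""
Rootkits: Enabled
Objects Scanned: 1200
Processes: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000001}, Quarantined, [00000000000000000000000000000001],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{00000000-0000-0000-0000-000000000002}, Quarantined, [00000000000000000000000000000002],
Files: 2
PUP.Optional.Multiplug.A, C:\Program Files (x86)\ExampleApp\example.dll, Quarantined, [00000000000000000000000000000003],
PUP.Optional.Binkiland.A, C:\Users\example\Secure Preferences, Good: (), Bad: ( "homepage": "http://example.invalid/?a=1",), Replaced,[00000000000000000000000000000004]
Physical Sectors: 0
(No malicious items detected)
"""

def triage(log_text):
    """Tally detections per section and family; list anything that is not PUP/PUM."""
    declared, found, families, not_pup = {}, Counter(), Counter(), []
    section = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        item = ITEM.match(line) if section else None
        if not item:
            continue  # scan options such as "Rootkits: Enabled" are not detections
        name = item.group(1)
        path, _, action = item.group(2).rpartition(", ")
        found[section] += 1
        families[".".join(name.split(".")[:3])] += 1
        if name.split(".")[0] not in ("PUP", "PUM"):  # assumed low-severity prefixes
            not_pup.append((section, name, path, action))
    # Declared count differing from parsed lines suggests a truncated or mangled paste.
    mismatched = [s for s, n in declared.items() if found[s] != n]
    return {"total": sum(found.values()), "families": dict(families),
            "not_pup": not_pup, "mismatched": mismatched}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty `not_pup` list together with an empty `mismatched` list means every hit in a complete log belongs to the PUP/PUM class.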


  4. Posts : 8
    Windows 7 Ultimate x64
    Thread Starter
       #14

    I thank you all for your advice and helpful links which I will no doubt use in the future.

    For right now, I'm gonna reinstall win7 and be done with all this (for at least a week I hope laff)


  5. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #15

    Clean install is a great idea.

    Here is a tutorial by Brink that will help guide you if need be.

    Clean Install Windows 7

