context menu hiding behind active window

Riddick51PB

my context menu is hiding behind the active window. wondering how to fix this.

here's an example of what i see in the image below:
h3mZSaZ.jpg


my mouse left-clicked on "RiDDiCK" in the AFK channel. then, i right-click while i'm in that position. notice the context menu is hidden behind the active window. the same thing happens on firefox as you can see below:

bfQsvl0.jpg


in the above image, notice how the mouse has left-clicked on the yellow folder "Bookmarks" in the bookmark toolbar. now if you look all the way at the bottom of this image, you can see the very last few bookmarks. the rest of the bookmarks under "Bookmark" are hidden.

any idea how to fix?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Ultimate x64
CPU
i7-2600K @ 4.6GHz (1.375v)
Motherboard
ASRock Z68 Extreme4
Memory
G.Skill Ripjaws 16GB
Graphics Card(s)
2x EVGA GTX 980 ACX 2.0 SLI
Sound Card
HT | Omega eClaro 7.1
Monitor(s) Displays
BenQ XL2420T 120Hz
Screen Resolution
1920x1080
Hard Drives
Intel 520 64GB
Crucial 512GB
PSU
Enermax MAXREVO 1350W
Case
Lian Li
Cooling
Cooler Master Hyper 212+ Push/Pull
Keyboard
CMSTORM Quick Fire Pro (Cherry MX Brown)
Mouse
Zowie EC1-A (800dpi)
Internet Speed
Cable
Antivirus
Kaspersky Total Protection
Browser
Firefox
Other Info
Mousepad: Steelseries Qck Heavy
Headphones: Steelseries 7H
Microphone: Blue Snowball (Black)
I would start with a SFC /Scannow in an elevated command window. If this started suddenly, you could go back to a Restore Point. Also, a deep scan for malware may be called for.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
dell precision t3400 tower
OS
Linux Lite 3.2 x64; Windows 7, 8.1
CPU
Core2Duo 2.4
Memory
6GB ddr2
Graphics Card(s)
nVidia
Hard Drives
120gb SSD, 1TB HD, 2TB HD; sata II
Internet Speed
12/2
Browser
Vivaldi, Slimjet (Chromium) x64
i ran malwarebytes quick scan then rebooted. then the function returned to normal.

thanks for responding.
 

Could you tell us what Malwarebytes found?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
malwarebytes didn't find anything suspicious. the reboot "apparently" fixed the problem.

what happened was a guy i thought was legit messaged me on steam. he put a link in his steam message. i'm not going to put that link here unless specifically requested. it was very cryptic. it looked like the razer website, but had one random letter added to it. if you read the link fast, you'd miss that random letter, which was bogus. it took me to a bogus "razer" website. i tried to dl that link, as the guy specified. it started an executable for some type of remote manager. i checked task manager and found two suspicious processes. quickly terminated those tasks. i honestly don't know if damage has been avoided. changed my steam password after terminating those processes. still have my $600 Counter-Strike: Global Offensive inventory. but i should probly check that again.

bottom line: i don't know to what degree my system has been compromised and/or is in danger, if any. i'm thinking i'll run my kaspersky total protection and see if it finds anything.
 

well good thing LB motivated me based on my weak solution. a kaspersky scan found the following issues and resolved them:
vp8encoder.dll
vp8decoder.dll
rfusclient.exe
rutserv.exe

i believe the kaspersky message for them all was something like "malicious remote management" or something to that effect.
 

You have run Kaspersky and Malwarebytes; that is good.
Did you have the rootkit scan selected when you ran Malwarebytes?

Rootkit scan is located under Settings/Detection-Protection

Here is another free online scan from Eset that I use and it sometimes finds things other programs miss.


Free ESET Online Antivirus Scanner | Online Virus Scan | Virus Scanner

Be advised all passwords should be changed using a known clean computer.
You could have a keylogger.

Let us know if Eset finds anything and what it is.
 

did not have rootkit scan enabled on malwarebytes. ran a new malwarebytes scan w/rootkit enabled.

sounds like i better run ESET just for safety sake. will let that run tonight.
 

results of ESET scan:

C:\Users\Riddick51PB\Downloads\CarbonPokerOddsCalculator_Setup.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Users\Riddick51PB\Downloads\cbsidlm-cbsi134-Astroburn_Lite-SEO-10958314.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\Riddick51PB\Downloads\cbsidlm-tr1_13-inSSIDer-SEO-10848357.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Riddick51PB\Downloads\freeripmp3-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Riddick51PB\Downloads\FreeVideoToMP3Converter.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Riddick51PB\Downloads\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined


additionally, forgot to mention that malwarebytes rootkit scan found 49 issues.

will have to go to work on other critical passwords tomorrow.
 

Be sure to inform all your banks, credit card companies, etc. that you have been hacked.

Those things that Eset found you can remove from your system.

What malware found is scary.

I have never heard of a system having 49 rootkits.

Some security experts recommend a clean install when rootkits are found and that is just one rootkit.

Could you post the Malwarebytes log?

I'm going to see if I can find one of our security experts to take a look at your problem.
 

I would like to see the log of Malwarebytes. Are we saying Malwarebytes found 49 instances of a rootkit, or you ran the scan with rootkit enabled and you got 49 hits total? I'm not certain but I think when you perform a custom scan it does a deeper scan than the quick scan by default, so finding 49 instances of something isn't that concerning. 49 instances of a rootkit specifically? Time to wipe and reinstall.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
CPU
A10 7700 Kavari SteamRoller
Motherboard
ASUS A88XM-PLUS (FM2+ )
Memory
8GB DDR3 SDRAM PC3-8500
Graphics Card(s)
1024MB ATI AMD Radeon R7 Graphics
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Samsung
Hard Drives
SSD Crucial 120gb
WD VelociRaptor 1tb
PSU
Rosewill Gaming 650w
Case
Rosewill Galaxy 2
Internet Speed
55/12
Antivirus
Malwarebytes, MSE, SAS
Browser
FireFox, Chrome
here's the malwarebytes log. i don't know the severity of the issues found. i can do a reinstall if that's what you all recommend.


Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 3/29/2015
Scan Time: 8:26:28 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.30.01
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Riddick51PB

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 543506
Time Elapsed: 16 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 41
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{1112dad7-ff1a-4335-9f07-a6ad0837d324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_.9, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P1112dad7_ff1a_4335_9f07_a6ad0837d324_.P1112dad7_ff1a_4335_9f07_a6ad0837d324_.9, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{1112DAD7-FF1A-4335-9F07-A6AD0837D324}\INPROCSERVER32, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{40a471db-a12b-4107-be22-8089c29b89fe}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_.9, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P40a471db_a12b_4107_be22_8089c29b89fe_.P40a471db_a12b_4107_be22_8089c29b89fe_.9, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{40A471DB-A12B-4107-BE22-8089C29B89FE}, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{40A471DB-A12B-4107-BE22-8089C29B89FE}\INPROCSERVER32, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{5591778b-6cf6-4344-8109-f89fd009d415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.Multiplug, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5591778B-6CF6-4344-8109-F89FD009D415}, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{5591778B-6CF6-4344-8109-F89FD009D415}\INPROCSERVER32, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.IntelliTerm.A, HKLM\SOFTWARE\WOW6432NODE\IntelliTerm_1.10.0.8, Quarantined, [70b061e93852ee48caa9d77449bc619f],
PUP.Optional.IntelliTerm.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\itnfd_1_10_0_8, Quarantined, [819f0f3b3a5085b19fd222297e87768a],
PUP.Optional.Squeaky.A, HKU\S-1-5-21-2719538298-1715437929-973194817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Squeaky, Quarantined, [7da3f1593a50f73f6078c3fa0bf8e41c],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.CouponPeak.A, C:\Program Files (x86)\CouponpeAk, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],

Files: 7
PUP.Optional.Multiplug, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.x64.dll, Quarantined, [76aa29210a80df57576a55e3fb07e719],
PUP.Optional.Multiplug, C:\Program Files (x86)\ExxteraShopPer\FWNO0TVR9CiF6q.x64.dll, Quarantined, [9c84bb8fd8b2c96dc6fbdd5b34ce2ad6],
PUP.Optional.Multiplug, C:\Program Files (x86)\shopNdroup\6tkQyBmnwHsOfS.x64.dll, Quarantined, [44dc88c249415dd9f0d1cf69649e7090],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.dll, Quarantined, [e43c56f44743c076e1baa68bcb376b95],
PUP.Optional.CouponPeak.A, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.dat, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.CouponPeak.A, C:\Program Files (x86)\CouponpeAk\avNB2wd2TBHYYs.tlb, Quarantined, [af71bc8eb7d3a591e2a16b3a3ec533cd],
PUP.Optional.Binkiland.A, C:\Users\Riddick51PB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://binkiland.com/?f=1&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0C0CtByC0EyC0A0A0D0EtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0BtD0CtA0ByEzytGyCtDtA0EtGyD0ByDyCtGyDyD0AtBtGyBtByEtCtD0B0FyB0C0AyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtB0A0DtA0C0DyCtG0E0D0B0AtGyE0EzzyBtG0BtAzzyEtGyEtCyBzy0F0EyB0AyB0A0Bzy2Q&cr=498679009&ir=",), Replaced,[c55b54f6f397c86e9414152431d521df]

Physical Sectors: 0
(No malicious items detected)


(end)
 

One hellofa list you got there.
They all seem to be PUPs. I would have them on my system. I would remove them all from my system, reboot and run Malwarebytes again. I don't see any rootkits. Then I would do a quick clean using Ccleaner without using the Registry section.
Reboot and see how things work.

Then I would use AdwCleaner from the Bleeping Computer site. Make sure you tick on the big blue box Download Now @ Bleeping Computer and nowhere else.

AdwCleaner Download


PUP (potentially unwanted program)


adwcleaner-1 (2).JPG
 
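The triage done by hand in the replies above (is it 49 rootkits or 49 hits in total, and are they all PUPs?) can be scripted. This is an added example, not part of the original thread and not Malwarebytes code: it parses a log in the layout posted above and tallies hits by section and detection class. The sample log is constructed with placeholder paths and hashes, and treating the text before the first dot of a detection name as its class is an assumption.

```python
import re
from collections import Counter

# Section headers and scan settings as they appear in the log posted above.
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
SETTING_RE = re.compile(r"^(Rootkits|Heuristics|PUP|PUM): (Enabled|Disabled)$")

# Constructed sample in the same layout; paths, CLSIDs and hashes are placeholders.
SAMPLE_LOG = r"""Scan Type: Custom Scan

Rootkits: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000001}, Quarantined, [hash-placeholder-1],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000001}\INPROCSERVER32, Quarantined, [hash-placeholder-1],
PUP.Optional.CouponPeak.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{00000000-0000-0000-0000-000000000002}, Quarantined, [hash-placeholder-2],

Folders: 1
PUP.Optional.CouponPeak.A, C:\Program Files (x86)\ExampleCoupon, Quarantined, [hash-placeholder-2],

Files: 2
PUP.Optional.Multiplug, C:\Program Files (x86)\ExampleCoupon\example.x64.dll, Quarantined, [hash-placeholder-1],
PUP.Optional.CouponPeak.A, C:\Program Files (x86)\ExampleCoupon\example.dat, Quarantined, [hash-placeholder-2],

Physical Sectors: 0
(No malicious items detected)

(end)
"""


def parse_log(text):
    """Return (settings, declared_counts, hits) from a scan log."""
    settings, declared, hits = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the current section
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = SETTING_RE.match(line)
        if m and section is None:
            settings[m.group(1)] = m.group(2) == "Enabled"
            continue
        if section and ", " in line:      # "<detection name>, <object>, <action>, [hash],"
            hits.append((section, line.split(", ", 1)[0]))
    return settings, declared, hits


def summarize(text):
    settings, declared, hits = parse_log(text)
    parsed = Counter(section for section, _ in hits)
    # A declared count that differs from the parsed lines means a truncated paste.
    mismatches = {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}
    by_class = Counter(name.split(".", 1)[0] for _, name in hits)  # assumed convention
    non_pup = sum(n for cls, n in by_class.items() if cls not in ("PUP", "PUM"))
    if not settings.get("Rootkits", False):
        verdict = "rescan-with-rootkit-option"
    elif mismatches:
        verdict = "log-incomplete"
    elif non_pup:
        verdict = "investigate"
    else:
        verdict = "pup-only"
    return {"total": len(hits), "by_section": dict(parsed), "by_class": dict(by_class),
            "by_family": dict(Counter(name for _, name in hits)),
            "mismatches": mismatches, "verdict": verdict}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A `pup-only` verdict describes this one log only; it says nothing about items another scanner already removed before the scan ran.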
i thank you all for your advice and helpful links which i will no doubt use in the future.

for right now, i'm gonna reinstall win7 and be done with all this (for at least a week i hope laff) :cool:
 

