Hi Ried,

Thanks for answering! Here is my ComboFix log. Strangely, the problem has almost disappeared on its own over the last few days: I still get the "undo... properties" context menu popping up out of nowhere now and then, but no longer every second as it did over the weekend. In any case, here is the log.

P.S. After I ran ComboFix, Internet Explorer became my default browser, even though it has always been Firefox — any idea why?

Thanks a lot!
Célia

"owner" - 07-02-13 20:59:54 Service Pack 2
ComboFix 07-02-13 - Running from: "C:\Documents and Settings\owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-11 09:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-10 23:30 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-02-10 22:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-10 16:44 <DIR> d-------- C:\hijackthis
2007-02-10 16:08 58,016 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-02-10 16:08 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-02-10 16:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Network Associates
2007-02-10 16:07 <DIR> d-------- C:\Program Files\Network Associates
2007-02-10 16:07 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-02-10 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-08 23:29 20 ---h----- C:\DOCUME~1\ALLUSE~1\Application Data\PKP_DLds.DAT
2007-02-08 23:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Nikon
2007-02-08 23:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Applause and Laugher
2007-02-01 01:08 6,029,312 --a------ C:\DOCUME~1\owner\ntuser.dat
2007-01-20 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe(3)
2007-01-20 16:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Motive
2007-01-20 16:31 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-01-20 16:29 6,550 --a------ C:\WINDOWS\jautoexp.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 21:00 -------- d-------- C:\DOCUME~1\owner\Application Data\skype
2007-02-13 20:37 -------- d-------- C:\Program Files\mozilla firefox
2007-02-13 20:07 -------- d-------- C:\Program Files\prestonotes
2007-02-13 09:04 -------- d-------- C:\Program Files\spywareblaster
2007-02-11 09:35 -------- d-------- C:\Program Files\Common Files\adobe
2007-02-11 09:31 -------- d-------- C:\DOCUME~1\owner\Application Data\adobeum
2007-02-10 23:31 -------- d-------- C:\Program Files\grisoft
2007-02-10 16:13 -------- d---s---- C:\DOCUME~1\owner\Application Data\microsoft
2007-02-10 15:17 -------- d-------- C:\Program Files\java
2007-02-10 14:58 -------- d-------- C:\Program Files\google
2007-02-08 23:29 268 -r-h----- C:\DOCUME~1\owner\Application Data\system image utility
2007-02-08 22:36 -------- d-------- C:\Program Files\skype
2007-01-25 22:19 -------- d-------- C:\DOCUME~1\owner\Application Data\roxio
2007-01-20 18:49 -------- d-------- C:\DOCUME~1\owner\Application Data\adobe
2006-12-25 12:36 -------- d-------- C:\Program Files\windows media connect 2


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"rcwinHyper"="C:\\Program Files\\Dictionnaire\\rcwinHyper.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"PrestoNotes"="C:\\Program Files\\PrestoNotes\\PrestoNotes.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"00THotkey"="C:\\WINDOWS\\system32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"TFncKy"="TFncKy.exe"
"TFNF5"="TFNF5.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TPSMain"="TPSMain.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\SigmaTel AC97 Audio Drivers\\stacmon.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-13 21:02:27