Endpoint Protection

Hi,

I'm dealing with a program called "Context Menu Platinum;" specificially, I can't seem to uninstall it from an employee's computer (who doesn't seem to have installed it in the first place). I have run scan after scan with SEP, MBAM, AdAware, hijackThis, and anything else I could think of, with no luck. The program does not appear in the Add/Remove list, and I cannot find any trace of it on the user's local drive. I do not believe this progam is on any of our servers because only one user is affected.
http://i45.tinypic.com/2ed4biv.jpg
The button on the lower-right counts down from 100, but clicking on it after it's done only opens the same window up again. This window only appears when opening multiple documents/files at once, either by right-clicking or simply hitting enter. The only way to close the window after it has appeared is to kill the explorer window that created it from the task manager.
Has anyone seen this before? All my googling has turned up only a very few results. Any ideas on how to get rid of it?

I think so this is a legal programme
you can find here details
http://www.context-menu.com/about_explorer_context_menu_platinum.html

Regards.
Fatih

Considering that the user in question tells me they did not install anything, and I have found no newly created files or folders to suggest that they did, the fact still remains that this little bit of software either installed itself or piggybacked on another installation and then waited a while to activate itself. This makes me highly suspicious.

Maybe,
But as you well know when we install some programs we did not read it just clik next clik next clik next :)
but programs said I will install this program and context nenu too do you accept? and we click yes everytime without read :)

Just update your SEP client everytime and Windows updates. ;)

Regards
Fatih

Both SEP and Windows (XP-SP3, if it matters) are up-to-date.
The main problem I'm having is that I cannot remove this program and it is hampering productivity.

This will help you
How to find Suspected Threats on your computer. 
The Load Point Diagnostic Utility to identify suspected threats
Also check any folder is got created under program files folder

 You might want to consider trying to find the process with something other than the windows task manager. Personally I hate it, and can't usually find a specific process very easily. I use a free utility called Process Explorer which you can download here: http://download.cnet.com/Process-Explorer/3000-2094_4-10325509.html. You might be able to track down this process a little easier using this.

Grant-

According to my collegue, Process Explorer yeilded no additional information.

I'm sifting through the LoadPointDiag output right now, but I think this might take a while. Is there any way to do a batch-comparison of the MD5s it output to a list of known-safe MD5s?

Just got done with an Autoruns scan. I saved the results and compared it to my computer: no difference. I'm really confused now. Where could this thing be hiding?
Hopefully sifting through the LoadPointDiag output will help.

Anyone have any further ideas?

 I would suggest going to the company that makes the unwanted software and asking them how to remove it.

http://www.context-menu.com/support.html

Aye, that was one of my first ideas (and I realize now that I should have mention that; sorry). I was a bit hesitant about giving my email address out to a company that seems shady, but I got over that. I'm still waiting for a reply, though.

I have just searched for an answer to this same problem, and I found your comments. I hoped you may have found a solution, but sadly we were both in the same boat, so I started to search through recently installed programs.  Having Zone Alarm installed, it pointed me to an interesting entry: "Windows Installer Context Menu Installation System", which was triggered by the program FILEminimiser Suite. I have just uninstalled this, and hope it does the trick, but only time will tell. I wondered if your user had also installed this program?  Fingers crossed?
Regards
Anna

sorry - typo, should be  "Windows Explorer Context Menu Installation System"

 That is exactly how the manufacturer refers to their "software" on the website.

Uninstalling FILEminimiser has solved this problem

Finally!
FileMinimizer was not installed, and I still have not found any trace indicating that it ever was, which makes this all the more confusing to me.

What I ended up doing was using a program called ShellExView to have a look at all shell extentions on the infected system, then through process of elimination, I found one named ? of type Context Menu. Viewing it in the Registry Editor led me to C:/Program Files/Common Files/cPaperless/ which contained all the .dlls and such I'd been looking for the whole time. I really don't know how I missed these, but at least I eventually found them.

Here's hoping this will be easier and faster for anyone else with this same problem.