What is Screenshot Pro?
The Malwarebytes research team has determined that Screenshot Pro is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Screenshot Pro?
You may see this entry in your list of installed programs:
and this icon in your taskbar:
This is the main window of the program:
and this is the settings screen:
How did Screenshot Pro get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Screenshot Pro?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to: Launch Malwarebytes Anti-Malware
- Then click Finish.
- Once the program has loaded, select Scan Now, or select Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes Screenshot Pro completely.
We hope our application and this guide have helped you eradicate this adware.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Screenshot Pro adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Possible signs in FRST logs:
() C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotProServ.exe
() C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotPro.exe
R2 TheScreenshotProService; C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotProServ.exe [151144 2016-11-07] ()
C:\Users\Public\Documents\Tools
C:\Users\Public\Documents\Guid
C:\Users\{username}\AppData\Roaming\Screenshot Pro
C:\Program Files (x86)\ScreenshotPro
Screenshot Pro 1.0.0.6000063 (HKLM\...\{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}) (Version: 1.0.0.6000063 - ShenZhen Enode Techology co,.Ltd)

Alterations made by the installer:
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\DtsEncodeTools]
"{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}"="REG_SZ", "{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}]
"DisplayFullVersion"="REG_SZ", "1.0.0.6000063"
"DisplayIcon"="REG_SZ", "C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotPro.exe"
"DisplayName"="REG_SZ", "Screenshot Pro 1.0.0.6000063"
"DisplayVersion"="REG_SZ", "1.0.0.6000063"
"Publisher"="REG_SZ", "ShenZhen Enode Techology co,.Ltd"
"UninstallString"="REG_SZ", "C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\InstallHelper.exe -Uninstall English"
[HKEY_LOCAL_MACHINE\SOFTWARE\Screenshot Pro]
"FrID"="REG_SZ", "PlgB6FwxRPJu5iliIjRh1RdFMfZXIUnjLaVs"
"INSTALL_FIRST_TIME"="REG_SZ", "2016-11-11_11:28:09"
"parentName"="REG_SZ", "explorer.exe"
"PartnerID"="REG_SZ", "marketator|uk|IBD|Bundle"
"UserID"="REG_SZ", "6f3bb58c3fd9e2aaf610e56356f706c9"
"Version"="REG_SZ", "1.0.0.6000063"
[HKEY_LOCAL_MACHINE\SOFTWARE\Screenshot Pro\1.0.0.6000063]
"INSTALL_PATH"="REG_SZ", "C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063"
[HKEY_LOCAL_MACHINE\SOFTWARE\Screenshot Pro\INSTALL_MARK]
"version"="REG_SZ", "1.0.0.6000063"
[HKEY_LOCAL_MACHINE\SOFTWARE\Screenshot Pro\QUIT]
"QuitSession"="REG_SZ", "{F73F04E3-147F-4B3F-844F-682C7CA0ECC8}-1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TheScreenshotProService]
"DisplayName"="REG_SZ", "The Screenshot Pro Service"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ", "C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotProServ.exe"
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
"WOW64"="REG_DWORD", 1
[HKEY_CURRENT_USER\Software\{D8383CB0-A0FE-4e85-8134-D57644EB746A}]
"NeedCreateDefaultHotKey"="REG_DWORD", 0
"RegionCaptureHotKey"="REG_DWORD", 5898243

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2016
Scan Time: 11:50 AM
Logfile: mbamScreenShotPro.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.11.04
Rootkit Database: v2016.10.31.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300350
Time Elapsed: 8 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.ScreenShotPro, C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotProServ.exe, 1460, Delete-on-Reboot, [31cf8e31b6e414224d4d943a0102b848]
PUP.Optional.ScreenShotPro, C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotPro.exe, 3172, Delete-on-Reboot, [b848efd072285adc94fcfcd2cd36966a]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.ScreenShotPro, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TheScreenshotProService, Quarantined, [31cf8e31b6e414224d4d943a0102b848],
PUP.Optional.ScreenShotPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}, Quarantined, [3ac6b807386262d4c9e311bdf40f9e62],
PUP.Optional.ScreenShotPro, HKLM\SOFTWARE\SCREENSHOT PRO, Quarantined, [09f76857465444f2674319b5c83b649c],

Registry Values: 1
PUP.Optional.ScreenShotPro, HKLM\SOFTWARE\SCREENSHOT PRO|PartnerID, marketator|uk|IBD|Bundle, Quarantined, [09f76857465444f2674319b5c83b649c]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.ScreenShotPro, C:\Users\{username}\AppData\Roaming\Screenshot Pro\dump, Quarantined, [8779f3ccebaf4de9525debe331d2cb35],
PUP.Optional.ScreenShotPro, C:\Users\{username}\AppData\Roaming\Screenshot Pro, Quarantined, [8779f3ccebaf4de9525debe331d2cb35],

Files: 4
PUP.Optional.ScreenShotPro, C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotProServ.exe, Delete-on-Reboot, [31cf8e31b6e414224d4d943a0102b848],
PUP.Optional.ScreenShotPro, C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotPro.exe, Delete-on-Reboot, [b848efd072285adc94fcfcd2cd36966a],
PUP.Optional.ScreenShotPro, C:\Users\{username}\Desktop\marketator_uk.exe, Quarantined, [8a76437c3169a98de0b416b8976c7789],
PUP.Optional.ScreenShotPro, C:\Users\{username}\AppData\Roaming\Screenshot Pro\dump\BugReportConfig.ini, Quarantined, [8779f3ccebaf4de9525debe331d2cb35],

Physical Sectors: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
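
The FRST signs listed under "Technical details for experts" can be checked against a saved FRST log with a short script. This is an added example, not part of the original guide and not Malwarebytes or FRST code; the function names, the version-independent path matching and the two benign sample lines are assumptions made for illustration.

```python
import re

# Indicators from the FRST listing on this page, lower-cased. Paths omit the
# version folder (an assumption, so other builds in the same folder match).
SERVICE = "thescreenshotproservice"
GUID = "{f772c08d-9f61-45c6-982f-addeee0d92c6}"
PATHS = (r"\program files (x86)\screenshotpro",
         r"\appdata\roaming\screenshot pro")

# FRST line shapes shown on this page: service, process, installed program.
SERVICE_RE = re.compile(r"^([RSU])(\d) ([^;]+); (.+?) \[\d+ \d{4}-\d{2}-\d{2}\]")
PROCESS_RE = re.compile(r"^\(.*?\) ([A-Za-z]:\\.+)$")
PROGRAM_RE = re.compile(r"^(.+?) \(HKLM\\.*?\\(\{[0-9A-Fa-f-]+\})\)")
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

def has_known_path(path):
    return any(p in path.lower() for p in PATHS)

def scan_frst(text):
    """Return (line_no, kind, detail) for every line that matches an indicator."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            state, start, name, image = m.groups()  # e.g. "R2": running, Start=2
            if name.lower() == SERVICE or has_known_path(image):
                status = {"R": "running", "S": "stopped"}.get(state, "undetermined")
                hits.append((no, "service", f"{name} ({status}, {START.get(start, start)} start)"))
        elif m := PROGRAM_RE.match(line):
            if m.group(2).lower() == GUID:
                hits.append((no, "installed program", m.group(1)))
        elif m := PROCESS_RE.match(line):
            if has_known_path(m.group(1)):
                hits.append((no, "process", m.group(1)))
        elif has_known_path(line):
            hits.append((no, "path", line))
    return hits

# Constructed sample: lines 1 and 5 are made-up benign entries, the rest are quoted from this page.
SAMPLE = r"""(Example Corp) C:\Program Files\Example\example.exe
() C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotPro.exe
R2 TheScreenshotProService; C:\Program Files (x86)\ScreenshotPro\1.0.0.6000063\ScreenshotProServ.exe [151144 2016-11-07] ()
C:\Users\{username}\AppData\Roaming\Screenshot Pro
Example Tool 2.0 (HKLM\...\{00000000-0000-0000-0000-000000000000}) (Version: 2.0 - Example Corp)
Screenshot Pro 1.0.0.6000063 (HKLM\...\{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}) (Version: 1.0.0.6000063 - ShenZhen Enode Techology co,.Ltd)
"""

if __name__ == "__main__":
    print(*scan_frst(SAMPLE), sep="\n")
```

A service hit reported as running with auto start matches the "Start" value of 2 and the LocalSystem account shown in the registry details above, so the service would come back after a reboot until its key is removed.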