
Thread: Removing Spyware caused by Screen Mates! Help!

  1. #1
    Junior Member
    Join Date
    Dec 2006
    Posts
    27

    Removing Spyware caused by Screen Mates! Help!

    Hello,
    I recently downloaded some Screen Mates from Screenmates.com. They seemed pretty cool at first and Spybot didn't pick up any spyware.
    (Cuz they are new ones, so I guess they've not been found yet :P )

    Anyway, I picked up some old ones that Spybot found and removed the registry entry. However, I'm certain I still have some of the spyware since the old ones were picked up.

    If it is possible, I wish to remove the spyware and keep the screen mates.

    If not well... I guess I'll get rid of them, since they are quite bad with adware etc...


    Here is the Spybot S&D log in PDF; since my Adobe can be made a printer, this is the only way I know how to make it...
    http://www.rocketsoft.gm-school.uni....n%20report.pdf

    Please tell me how to remove the Screen-Mates spyware.
    I browsed in Regedit, btw, and some of the screenmates reg keys are in other places than just AdTools, Inc., such as:
    HKEY_CURRENT_USER\Software\Ice Age ScreenMate

    Your time is greatly appreciated.


    Gaming4JC

  2. #2
    Junior Member
    Join Date
    Dec 2006
    Posts
    27


    Oh, and one more thing.
    ZoneAlarm detected that the screenmates wanted to access the internet.
    I denied access, so I'm guessing even if it is spyware I'm probably safe for now.

    Gaming4JC

  3. #3
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Welcome to the forum.

    Post a SpyBot results report.
    Run SpyBot check for problems, fix all red items; when it's finished, right-click and choose copy results (not full report) to clipboard and paste that back here please. We don't need to see cookies and tracks.

    Please go here and follow instructions.
    http://forums.spybot.info/showthread.php?t=288
    Post a HijackThis log and an online scan report here in this thread.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  4. #4
    Junior Member
    Join Date
    Dec 2006
    Posts
    27




    Here you are:
    Code:
    Message Mates: User settings (Registry key, fixed)
      HKEY_USERS\S-1-5-21-507921405-2139871995-725345543-1004\Software\AdTools, Inc.
     
     
    --- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---
     
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-05-29 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-12-01 Includes\Cookies.sbi (*)
    2006-10-13 Includes\Dialer.sbi (*)
    2006-12-01 Includes\DialerC.sbi (*)
    2006-11-24 Includes\Hijackers.sbi (*)
    2006-12-01 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2006-12-01 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-10-13 Includes\Malware.sbi (*)
    2006-12-01 Includes\MalwareC.sbi (*)
    2006-10-20 Includes\PUPS.sbi (*)
    2006-12-01 Includes\PUPSC.sbi (*)
    2006-12-01 Includes\Revision.sbi (*)
    2006-10-13 Includes\Security.sbi (*)
    2006-12-01 Includes\SecurityC.sbi (*)
    2006-10-13 Includes\Spybots.sbi (*)
    2006-12-01 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-12-01 Includes\Trojans.sbi (*)
    2006-12-01 Includes\TrojansC.sbi (*)

    HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:01:23 PM, on 12/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\progra~1\softwin\bitdef~1\bdnagent.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Documents and Settings\Luke\Start Menu\Programs\Startup\VGSAutorun.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Ice Age ScreenMate\Ice Age ScreenMate.exe
    C:\Program Files\Lost In Space\Lost In Space.exe
    C:\Program Files\Finding Nemo ScreenMate\Finding Nemo ScreenMate.exe
    C:\Documents and Settings\Luke\My Documents\My Downloads\security\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Finding Nemo ScreenMate] "C:\Program Files\Finding Nemo ScreenMate\Finding Nemo ScreenMate.exe" -r
    O4 - HKCU\..\Run: [Lost In Space] C:\Program Files\Lost In Space\Lost In Space.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    O4 - Startup: VGSAutorun.exe
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148950792843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157648596875
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28CF5789-BFE9-4C50-8EFB-0AA167E18C09}: NameServer = 207.172.3.8
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


    Hope that is what you need.

    Gaming4JC
    Last edited by LonnyRJones; 2006-12-12 at 12:42. Reason: removed coding

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Screensaver and wallpaper software is notorious for spyware. Since you know yours includes spyware, I suggest it be uninstalled ASAP.

    You're running both AVG and BitDefender; having two or more can cause both to be ineffective. Uninstall all but one antivirus program; you can supplement by getting an occasional online scan.

    For security, your Sun Java program should be updated:
    http://forums.spybot.info/showpost.p...80&postcount=2
    Afterwards, it's very important to uninstall the old versions via Add/Remove Programs.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006
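
The points raised in this thread about the posted HijackThis log (two antivirus products active, the screen mates running or set to start at login, the installed Java runtime) can be pulled out of the log text with a small parser. This is an added example, not part of the original thread and not code from Spybot or HijackThis; the `AV_MARKERS` and `WATCHLIST` tables and all function names are assumptions made for illustration.

```python
import re

# Excerpt (abbreviated) of the HijackThis v1.99.1 log posted in #4 above.
SAMPLE_LOG = r"""Running processes:
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ice Age ScreenMate\Ice Age ScreenMate.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Finding Nemo ScreenMate] "C:\Program Files\Finding Nemo ScreenMate\Finding Nemo ScreenMate.exe" -r
O4 - HKCU\..\Run: [Lost In Space] C:\Program Files\Lost In Space\Lost In Space.exe
"""

# Assumption: path fragments that identify an antivirus product.
AV_MARKERS = {"grisoft": "AVG", "softwin": "BitDefender"}
# Assumption: names the poster identified as the unwanted screen mates.
WATCHLIST = ("screenmate", "lost in space")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
JRE_RE = re.compile(r"\\Java\\(jre[\w.]+)\\", re.IGNORECASE)

def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif (m := ENTRY_RE.match(line)):
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries

def triage(text):
    """Collect antivirus products, watched autoruns/processes and JRE versions."""
    processes, entries = parse_hjt(text)
    everything = processes + [body for _, body in entries]
    av = {name for s in everything for k, name in AV_MARKERS.items() if k in s.lower()}
    runs = [RUN_RE.match(b).groups() for c, b in entries if c == "O4" and RUN_RE.match(b)]
    flagged = [(hive, name) for hive, name, cmd in runs
               if any(w in (name + cmd).lower() for w in WATCHLIST)]
    running = [p for p in processes if any(w in p.lower() for w in WATCHLIST)]
    jres = sorted({m.group(1) for s in everything for m in JRE_RE.finditer(s)})
    return {"antivirus": sorted(av), "autoruns": flagged,
            "running": running, "jre": jres}
```

On the excerpt, `triage(SAMPLE_LOG)` reports both AVG and BitDefender, two HKCU Run entries for the screen mates, one screen mate process that is running without a Run entry, and `jre1.5.0_06`.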

  6. #6
    Junior Member
    Join Date
    Dec 2006
    Posts
    27

    Thnx...

    Hello,
    I decided to remove the screenmates by using their own uninstaller.
    (hope that works...)
    Also, I've removed Bit Defender. But I am very dissatisfied with the results of both of my anti-viruses...

    Bit Defender does a better scan, but doesn't check e-mail or have a resident shield.

    AVG (still on my comp...) does have both resident shield and e-mail checker, but only catches a few viruses, and therefore lets others come right on in...

    So I've been looking at one of Dr. Web's freebies:
    http://download.drweb.com/win/

    I've not heard of Dr. Web much, so I decided it best to ask first, before downloading. Just to be sure it weren't a PUP or something.
    So do you feel Dr. Web is an O.K. freeware antivirus utility?
    If not please let me know a good alternative. As I have Dial-up you can probably imagine how long an online scan would take to scan my 160GB hard drive.

    I am upgrading my Java runtime right now. Thanks for the advice, I hadn't even thought of the Java until you mentioned it.

    Thanks for all the help, and Happy Holidays!

    Gaming4JC

  7. #7
    Junior Member
    Join Date
    Dec 2006
    Posts
    27

    AOL Antivirus

    Hello,
    I've been looking for antiviruses other than AVG,
    and I found this too:
    http://www.activevirusshield.com/ant...eav/index.adp?

    Please let me know of a good one when you have the time.


    Gaming4JC

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    "Powered by Kaspersky Lab"
    Kaspersky is a great AV.
    If you can, I'd suggest getting the antivirus from Kaspersky themselves.

    Dr. Web's a good backup scanner.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  9. #9
    Junior Member
    Join Date
    Dec 2006
    Posts
    27


    Hello again,
    I've downloaded it, it works great! It caught two trojans, one of them a "backdoor".

    I also tested it with the fake EICAR test virus; it caught it and deleted it.
    I would get Kaspersky directly but it costs $$ and this is great and free.

    Thanks again for all your help.

  10. #10
    Junior Member
    Join Date
    Dec 2006
    Posts
    27

    Thumbs.db files everywheres...

    Hmm...
    I thought it were all over until now
    I also recently installed Deskmates, Oska to be specific.

    However, after removing them I've noticed a file called "Thumbs.db" appearing in all of my folders. I'm not sure what it is, but when I try to delete them it says it is a system file. I've deleted a few appearing in files I send out by using the "Shift+Delete".

    Please let me know how to fix this problem if you can.

    Gaming4JC
