BulletProof software

[mgm]

a couple of months ago I installed Norton Anti-Virus. Now when ever I run
Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
desktop.

Is anyone here familiar with BulletProof? Is this part of a Norton suite?
Do I have to be concerned about the security of my XP pro box?

 

[NoNoBadDog!]

a couple of months ago I installed Norton Anti-Virus. Now when ever I run
Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
desktop.

Is anyone here familiar with BulletProof? Is this part of a Norton suite?
Do I have to be concerned about the security of my XP pro box?

BulletProof has nothing to do with Norton AV.

Do you have a firewall running?

What spyware utility do you use?

What adware utility do you use?

What type of hijack software are you using?

Are all of your utilities kept updated?


Antivirus programs protect against viruses. What you have is not a virus,
but is some type of adware or spyware.


Bobby

 

[Guest]

Yupp the answer is:buy a better antispyware application!

BulletProof software has nothing to do with Symantec norton antivirus!

Go to http://www.sunbeltsoftware.com/CounterSpy.cfm

They get their antispyware definitions from microsoft themselves!

Quote:
How Come Microsoft Updates Sunbelt's CounterSpy With Spyware Definitions?
Sunbelt is not "licensing the code from Microsoft". Microsoft acquired our
anti-spyware business partner Giant Software. In short, Giant's original code
was the start for both CounterSpy and Windows AntiSpyware but each has taken
its own development path and Sunbelt and Microsoft each own their own code.
Microsoft shares their spyware definitions with Sunbelt, but Sunbelt uses the
threat information differently. Microsoft states on its website:
"Anti-spyware solutions require definition updates-signatures of known
spyware and other unwanted software-that are necessary to keep the solutions
up-to-date. Because of a legal agreement between Sunbelt Software and Giant
that preceded the Microsoft acquisition, Microsoft will provide spyware
signature updates to Sunbelt through July 2007."

 

[Wesley Vogel]

Get rid of it.

Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover

[[BPS Spyware & Adware Remover
bulletproofsoft.com
spywarecops.com

false positives work as goad to purchase; company is known adware
distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
rip-off; old version was same app as Real AdWareRemoverGold, Spyware Nuker,
& TZ Spyware Adware Remover; new version uses "Spyware Cops" or "Spy
Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
From...
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Get one or all of these...

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (More for the advanced user)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/

Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[mgm]

I run Spybot S&D nightly, I run Adaware nightly. They remove the
Bulletproof junk but it keeps coming back.
I'm sick of it. It doesn't appear in the add/remove programs list and it's
application folder doesn't have an uninstall exe. How the devil do I get
rid of the mess?

I run winXP pro sp2 behind a hardware & software firewall (zonealarm pro),
Norton Anti-Virus and the above mentioned legit spy/ad utilities. All are
updated to latest defs.

Get rid of it.

Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover

[[BPS Spyware & Adware Remover
bulletproofsoft.com
spywarecops.com

false positives work as goad to purchase; company is known adware
distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
rip-off; old version was same app as Real AdWareRemoverGold, Spyware Nuker,
& TZ Spyware Adware Remover; new version uses "Spyware Cops" or "Spy
Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
From...
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Get one or all of these...

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (More for the advanced user)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/

Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

a couple of months ago I installed Norton Anti-Virus. Now when ever I run
Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
desktop.

Is anyone here familiar with BulletProof? Is this part of a Norton suite?
Do I have to be concerned about the security of my XP pro box?

 

[Malke]

I run Spybot S&D nightly, I run Adaware nightly. They remove the
Bulletproof junk but it keeps coming back.
I'm sick of it. It doesn't appear in the add/remove programs list and
it's
application folder doesn't have an uninstall exe. How the devil do I
get rid of the mess?

I run winXP pro sp2 behind a hardware & software firewall (zonealarm
pro), Norton Anti-Virus and the above mentioned legit spy/ad
utilities. All are updated to latest defs.

Run your scans in Safe Mode. You should probably include scanning with
HijackThis. Post your log in *one* of the following forums (not here,
please). Be sure to read the posting FAQ of whatever forum you choose.

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Malke

 

[Wesley Vogel]

I can't find anything about removing/uninstalling BPS Spyware & Adware
Remover. All I can find is plenty of folks threatening to sue the makers of
BPS Spyware & Adware Remover.

Look in C:\Program Files or %homedrive%\Program Files for anything related
to BPS.

I have no idea what the *.exe file, if there is one, is for BPS.

Run Spybot S&D, click on Mode in the top Toolbar and make sure that Advanced
Mode is selected. Then, in the left hand pane, click on Tools and click on
System Startup. In the right hand pane, right click and select Copy to
Clipboard. Paste that into a message and post back and we'll see what we
can find.

[[System startup
This tool lists all programs that are started at Windows startup. If those
items are in the database coming with Spybot-S&D, it will display some more
information about them. It also allows you to disable (and enable) items, as
well as delete them, change them or insert new items.]]

Also, when you run Ad-Aware, when you see the Scan Log you can right click
and select Copy to Clipboard after selecting the relevant text or Ctrl + A
to select all the text and Ctrl + C to copy the text. Paste that into a
message and post back and we'll see what we can find.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

I run Spybot S&D nightly, I run Adaware nightly. They remove the
Bulletproof junk but it keeps coming back.
I'm sick of it. It doesn't appear in the add/remove programs list and
it's application folder doesn't have an uninstall exe. How the devil do
I get rid of the mess?

I run winXP pro sp2 behind a hardware & software firewall (zonealarm pro),
Norton Anti-Virus and the above mentioned legit spy/ad utilities. All are
updated to latest defs.

Get rid of it.

Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover

[[BPS Spyware & Adware Remover
bulletproofsoft.com
spywarecops.com

false positives work as goad to purchase; company is known adware
distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
rip-off; old version was same app as Real AdWareRemoverGold, Spyware
Nuker, & TZ Spyware Adware Remover; new version uses "Spyware Cops" or
"Spy Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
From...
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Get one or all of these...

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (More for the advanced user)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/

Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

a couple of months ago I installed Norton Anti-Virus. Now when ever I
run Ad-Aware, BulletProof Spy detector places shortcuts in a new folder
on my desktop.

Is anyone here familiar with BulletProof? Is this part of a Norton
suite? Do I have to be concerned about the security of my XP pro box?

 

[MAP]

I no longer trust Microsofts adware difinitions.
http://www.spywareinfo.com/newsletter/archives/2005/july20.php

 

[Guest]

All the tools you guys are talking about, sd boot, Ad-Aware,SpywareBlaster,
ToolbarCop and so -Yes i've been there using them all!! But they are not as
good as the Counterspy i wrote about since it does all the things in one
stroke:

remove spyware

active protection against "intruders" (spyware/malware)

Protetion agianst hijacking...
and much more - Counterspy has been rated the #1 tool and its really good we
use it every day!

well read for your self....

CounterSpy detects, deletes and protects you against spyware!

You arrived at this page because you want to get rid of malicious spyware
and adware that invades your PC without your knowledge or permission. Why
choose CounterSpyâ„¢? According to PC World it has the best spyware database in
the industry. That means it removes the most spyware!


Spyware Is An Increasing Threat
First the big Internet annoyance was spam. Now it is spyware! Spyware and
adware does more than just steal information about your computing habits. It
causes annoying popups, slows down your PC or even worse, it crashes it.
Spyware is an invasion of your privacy, it is hard to remove and can be used
for Identity theft. More over, it may break your PC so badly you can't even
get on the Internet. The answer is CounterSpy . It has Active Protectionâ„¢,
(you could call that a "spy-wall"). Get your copy now for only $19.95, and
let's fight spyware together. Want to see what other users say about
CounterSpy? Microsoft's WindowsMarketplace site has over 40 pages of rave
reviews.

CounterSpy detects, deletes and protects!
What is Active Protection? Dozens of "checkpoints" that are monitored in
real-time for attempts to install spyware. Think of the CounterSpy agents as
your computer's personal bodyguards. CounterSpy's active agents look for
certain software and system changes to your PC. A very high percentage will
be blocked by CounterSpy, helping to reduce the chance your PC gets infected
again! Apart from the PC World BEST BUY and World Class Awards, the World's
largest PC Manufacturer has also decided for CounterSpy. Read this: "Dell has
tested and recommends CounterSpy by Sunbelt Software. CounterSpy can identify
third-party software that has been downloaded on your system and allows you
to choose which applications you want to keep." You can get CounterSpy from
Dell.

How Come Microsoft Updates Sunbelt's CounterSpy With Spyware Definitions?
Sunbelt is not "licensing the code from Microsoft". Microsoft acquired our
anti-spyware business partner Giant Software. In short, Giant's original code
was the start for both CounterSpy and Windows AntiSpyware but each has taken
its own development path and Sunbelt and Microsoft each own their own code.
Microsoft shares their spyware definitions with Sunbelt, but Sunbelt uses the
threat information differently. Microsoft states on its website:
"Anti-spyware solutions require definition updates-signatures of known
spyware and other unwanted software-that are necessary to keep the solutions
up-to-date. Because of a legal agreement between Sunbelt Software and Giant
that preceded the Microsoft acquisition, Microsoft will provide spyware
signature updates to Sunbelt through July 2007."

Unlike Microsoft, Sunbelt is TOUGH on Adware
In their Windows AntiSpyware beta, Microsoft does not detect and remove
tracking cookies. Counterspy does. Worse, Microsoft has recently downgraded
several adware products from "quarantine" to "ignore." A good example is the
Claria GAIN, formerly knowns as Gator and one of the most hated adware
companies around.
You might ask yourself: "Is Sunbelt also downgrading their adware threat
definitions to "ignore" for Claria and other adware like Microsoft is doing?"
The answer is NO, we ignore Microsoft's threat scoring values. We only use
their threat data (like the file names, and locations where malware is found,
etc.). We have not downgraded our Claria Gain recommendations and still have
it set to be quarantined. If you run Microsoft AntiSpyware it detects the
adware, but now presents "Recommended Action" of "Ignore" (!). You can draw
your own conclusions...

How We Can Fight Spyware Together: ThreatNet
New spyware is constantly created by unethical companies for financial gain.
Cybercriminals change their malicious code regularly trying to escape
discovery. That's why Sunbelt created ThreatNet, a worldwide network of
hundreds of thousands of CounterSpy users who report on new spyware outbreaks
to Sunbelt. When an unknown but potential threat is observed by CounterSpy's
Active Protection, the you are provided the option of anonymously sending
information on the threat to the CounterSpy Research Center. The research
center can then identify new threats as they occur, making updates available
to protect you and all other CounterSpy users from new spyware. You are
invited to join the ThreatNet Team!

AutoUpdater: Keep Your Computer in the Know
Dozens of spyware programs are being created by bad guys every single day.
That's why CounterSpy's AutoUpdater keeps you up-to-date with the latest
spyware threat updates from the CounterSpy Research Center. Just set a time
for CounterSpy to automatically update itself, and you'll always have the
latest version. That gives you the highest protection possible.

Additional Powerful Features:

History Cleaner: The History Cleaner is a powerful privacy tool that erases
many trails you leave on your computer as you surf the Internet (like search
history and URLs accessed)
PC Explorer: My PC Explorer is a way to view and modify settings that are
normally difficult to change. For example, you can view a list of all the
Browser Helper Objects that are installed in Internet Explorer, find out what
programs are set to automatically startup when Windows launches, see and
modify which applications are changing your Internet, and more.
Secure File Eraser: This is a a powerful deletion tool that ensures the
complete elimination of all files you want removed from your machine. The
Secure File Eraser completely removes all traces of any document, image,
music, movie, or application you choose.


Protect Your PC Now
Thousands of people buy CounterSpy every week. PC World confirms that
CounterSpy simply is the best antispyware product out there. Get your own
1-year subscription now for just 20 bucks with a 30-day money back guarantee.
(Second copy half price!) You can't go wrong. Click on the 'buy now' button
and protect your privacy against malicious spyware that invades your PC
without your knowledge or permission.

 

[Malke]

All the tools you guys are talking about, sd boot,
Ad-Aware,SpywareBlaster, ToolbarCop and so -Yes i've been there using
them all!! But they are not as good as the Counterspy i wrote about
since it does all the things in one stroke:

(snip very long post about CounterSpy)

CounterSpy is good, but it costs money. All the antispyware tools we
recommend to end users are free. In addition, you do need more than one
tool to remove many types of malware. After the end user has cleaned up
his/her machine, if s/he wants to spend the money on CounterSpy that is
of course his/her choice.

Malke

 

[Wm. Scott Miller]

mgm:

If I were you, I'd learn how to remove spyware, adware, virus, etc manually
because not every one is going to be caught by every tool out there. Of
course try to find a tool to remove it for you, but when that fails, there
is only manual, especially if you want if off instead of waiting for a def
update. After all there is always a lag time between release of a
spyware/adware/virus/worm/etc and the tools ability to remove it. Use
Ad-Aware, Spybot S&D, etc, but also make sure you know what is running on
that machine and what might not belong. Blind trust in those companies to
find everything out there is a HUGE mistake.

To do this manually, you can use several tools. Most of them I've gotten
from www.sysinternals.com (not associated, just like their tools). Here is
a list of the ones I use:

1. Process Manager -- Task Manager replacement that shows alot more
information (like what is running inside those svchost.exe's)
2. SigCheck -- Check to see what files in your Windows and Windows/System32
etc directories have no signitures or unverifiable signitures (WARNING:
Some Microsoft files still do not have sigs so use tool to highlight
possible hoax programs, but make sure you don't go deleting everything it
finds)
3. AutoRuns -- You have probably used MSConfig. This is much more advanced
and usful for finding that program and where it is starting from.
4. PortMon -- What ports on your machine are listening for connections and
what programs they belong to.

If you cannot find the program with these, then you have bigger
problems.....

Scott

 

[mgm]

Amen to Scott and a big thank you to all you contributed.
If anyone can offer some added input after reviewing the logs, it would be
greatly appreciated. Thanks..mgm

I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
XP's latest and grestest patch/update software running behind a hardware
firewall (router) and STILL got the BulletProof mess.

After checking my application event logs, I noted that the BPS mess begins
executing at 4:15 AM everyday. Adaware and Spybot also auto execute in the
wee hrs. 2:15 and 3AM.
By checking the event log, I got BPS CLSID and found it in the registry.
With this ID I hope to let SpyBlaster block it from executing tomorrow am.
Wesley Vogel requested some logs, so here they are. I hope they can help
others to clean up or, better yet, avoid the mess
Application event log:Event Source: MsiInstaller
Event Category: None
Event ID: 1004
Date: 7/21/2005
Time: 4:15:02 AM
User: XXXXX\Administrator
Computer: XXXXX
Description:
Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}' failed.
The resource 'C:\Program
Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<

Initial SpyBot run that "fixed" BulletProof" (removed)C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe

BPS Spyware Remover: System file (File, fixed)
C:\Program
Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe

BPS Spyware Remover: Program directory (Directory, fixed)
C:\Program Files\BulletProofSoft.com\SpywareRemover\

BPS Spyware Remover: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start
Menu\Programs\BulletProofSoft.com

BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe

BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
rogram
Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
<<<

Initial Spybot Startup list (this and the initial scan was done from
SafeMode) I recognize all processes here.command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: e5f9b0314442ea5816518c64b02f10a2

Located: HK_LM:Run, DeviceDiscovery
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 229437
MD5: 7eef9e578d2aa3d562d074bfdfe56825

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 6ad9dcb0257b10ea458165f70634dabc

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
size: 188416
MD5: b25f66fdaa5a0389500c8a9e0433e5a5

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 741376
MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: 6351b9d79370a6795921fa3c3950ded6

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common
iles\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: b8e684df9a97497edd2f87444a6307fb

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), ZoneAlarm Pro.lnk
command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
size: 422984
MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799

Located: Startup (disabled), Acrobat Assistant (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55

Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
size: 422984
MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<

 

[Wesley Vogel]

mgm,

You have a bunch of other trash that you do not need running, but we better
stick to BPSSR for now.

Did you try to run Spybot S&D and Ad-Aware in Safe Mode like Malke
suggested? Some malware like to conceal themselves in areas that Windows
protects while using them. Safe mode will prevent those application
accesses, and therefore unprotect the malware.

Did you download, install and run HijackThis in Safe Mode like Malke
suggested?

4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning

Is there a listing for BulletProofSoft SpywareRemover in Add or Remove
Programs?

Was the MsiInstaller Warning about a failed uninstall? Did you try to
uninstall BPSSR using Add or Remove Programs? If you didn't, try it. Never
mind you mentioned that it wasn't listed. So what caused the MsiInstaller
Warning?

CLSID {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} appears to be BPSSR.

Also look for {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} in
%appdata%\Microsoft\Installer
or
C:\Documents and Settings\Your Name Here\Application
Data\Microsoft\Installer
and
%windir%\Installer
or
C:\WINDOWS\Installer
And delete the {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} folder. This ought to
prevent BPSSR from getting installed again.

Spyware.exe & PopUpWatch.exe would appear to be the BPSSR program. Make
sure that you use Task Manager to *KILL* both of these before running Spybot
S&D, etc.

Open Task Manager...
Ctrl + Shift + Esc | Processes tab | Click on the Image name header to
alphabetize the list | Locate Spyware.exe & PopUpWatch.exe | Right click
each one | End Process | Answer YES to the Warning that popsup | Make sure
that there isn't more than one of each running | Close Task Manager

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[mgm]

Yes, all was done in safe mode and finally the BPS has been removed. All BPS
has been removed and blocked via Spybot and SpywareBlaster... AND most
important, it's really gone. Again, thanks to all for your input

 

[Wesley Vogel]

Glad to hear it. Keep having fun.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In