BulletProof software

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

a couple of months ago I installed Norton Anti-Virus. Now when ever I run
Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
desktop.

Is anyone here familiar with BulletProof? Is this part of a Norton suite?
Do I have to be concerned about the security of my XP pro box?
13 answers Last reply
More about bulletproof software
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "mgm" <mgmombo@hotmail.com> wrote in message
    news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    >a couple of months ago I installed Norton Anti-Virus. Now when ever I run
    > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
    > desktop.
    >
    > Is anyone here familiar with BulletProof? Is this part of a Norton suite?
    > Do I have to be concerned about the security of my XP pro box?
    >
    >

    BulletProof has nothing to do with Norton AV.

    Do you have a firewall running?

    What spyware utility do you use?

    What adware utility do you use?

    What type of hijack software are you using?

    Are all of your utilities kept updated?


    Antivirus programs protect against viruses. What you have is not a virus,
    but is some type of adware or spyware.


    Bobby
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Yupp the answer is:buy a better antispyware application!

    BulletProof software has nothing to do with Symantec norton antivirus!

    Go to http://www.sunbeltsoftware.com/CounterSpy.cfm

    They get their antispyware definitions from microsoft themselves!

    Quote:
    How Come Microsoft Updates Sunbelt's CounterSpy With Spyware Definitions?
    Sunbelt is not "licensing the code from Microsoft". Microsoft acquired our
    anti-spyware business partner Giant Software. In short, Giant's original code
    was the start for both CounterSpy and Windows AntiSpyware but each has taken
    its own development path and Sunbelt and Microsoft each own their own code.
    Microsoft shares their spyware definitions with Sunbelt, but Sunbelt uses the
    threat information differently. Microsoft states on its website:
    "Anti-spyware solutions require definition updates-signatures of known
    spyware and other unwanted software-that are necessary to keep the solutions
    up-to-date. Because of a legal agreement between Sunbelt Software and Giant
    that preceded the Microsoft acquisition, Microsoft will provide spyware
    signature updates to Sunbelt through July 2007."


    "NoNoBadDog!" wrote:

    >
    > "mgm" <mgmombo@hotmail.com> wrote in message
    > news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    > >a couple of months ago I installed Norton Anti-Virus. Now when ever I run
    > > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
    > > desktop.
    > >
    > > Is anyone here familiar with BulletProof? Is this part of a Norton suite?
    > > Do I have to be concerned about the security of my XP pro box?
    > >
    > >
    >
    > BulletProof has nothing to do with Norton AV.
    >
    > Do you have a firewall running?
    >
    > What spyware utility do you use?
    >
    > What adware utility do you use?
    >
    > What type of hijack software are you using?
    >
    > Are all of your utilities kept updated?
    >
    >
    > Antivirus programs protect against viruses. What you have is not a virus,
    > but is some type of adware or spyware.
    >
    >
    > Bobby
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Get rid of it.

    Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover

    [[BPS Spyware & Adware Remover
    bulletproofsoft.com
    spywarecops.com

    false positives work as goad to purchase; company is known adware
    distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
    rip-off; old version was same app as Real AdWareRemoverGold, Spyware Nuker,
    & TZ Spyware Adware Remover; new version uses "Spyware Cops" or "Spy
    Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
    From...
    Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Get one or all of these...

    2) SpywareBlaster
    [[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
    ever being installed.
    The most important step you can take is to secure your system. And
    SpywareBlaster is the most powerful protection program available.]]
    http://www.javacoolsoftware.com/spywareblaster.html

    3) Spybot S & D (More for the advanced user)
    http://www.safer-networking.org/index.php?lang=en&page=download

    4) HijackThis (More for the advanced user)
    http://www.spywareinfo.com/~merijn/downloads.html

    4a) HijackThis (direct download)
    http://aumha.org/downloads/hijackthis.zip

    5) Bazooka Adware and Spyware Scanner v1.13
    http://www.kephyr.com/spywarescanner/index.html?source=appvisit

    6) ToolbarCop
    http://www.mvps.org/sramesh2k/toolbarcop.htm

    7) Ad-aware SE Personal
    http://www.lavasoft.de/support/download/

    Download, install, run, update and run again; one or all. They are all
    good, FREE utilities. Make sure you update every program, even if you
    just downloaded it. You must have the latest updates. Without updates,
    you have a gun without ammo. You also need to use more than one
    anti scumware program. One program will *not* catch everything.

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl,
    mgm <mgmombo@hotmail.com> hunted and pecked:
    > a couple of months ago I installed Norton Anti-Virus. Now when ever I run
    > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
    > desktop.
    >
    > Is anyone here familiar with BulletProof? Is this part of a Norton suite?
    > Do I have to be concerned about the security of my XP pro box?
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I run Spybot S&D nightly, I run Adaware nightly. They remove the
    Bulletproof junk but it keeps coming back.
    I'm sick of it. It doesn't appear in the add/remove programs list and it's
    application folder doesn't have an uninstall exe. How the devil do I get
    rid of the mess?

    I run winXP pro sp2 behind a hardware & software firewall (zonealarm pro),
    Norton Anti-Virus and the above mentioned legit spy/ad utilities. All are
    updated to latest defs.

    "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    news:%238gtcHajFHA.2484@TK2MSFTNGP15.phx.gbl...
    > Get rid of it.
    >
    > Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover
    >
    > [[BPS Spyware & Adware Remover
    > bulletproofsoft.com
    > spywarecops.com
    >
    > false positives work as goad to purchase; company is known adware
    > distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
    > rip-off; old version was same app as Real AdWareRemoverGold, Spyware
    Nuker,
    > & TZ Spyware Adware Remover; new version uses "Spyware Cops" or "Spy
    > Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
    > From...
    > Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
    > http://www.spywarewarrior.com/rogue_anti-spyware.htm
    >
    > Get one or all of these...
    >
    > 2) SpywareBlaster
    > [[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
    > ever being installed.
    > The most important step you can take is to secure your system. And
    > SpywareBlaster is the most powerful protection program available.]]
    > http://www.javacoolsoftware.com/spywareblaster.html
    >
    > 3) Spybot S & D (More for the advanced user)
    > http://www.safer-networking.org/index.php?lang=en&page=download
    >
    > 4) HijackThis (More for the advanced user)
    > http://www.spywareinfo.com/~merijn/downloads.html
    >
    > 4a) HijackThis (direct download)
    > http://aumha.org/downloads/hijackthis.zip
    >
    > 5) Bazooka Adware and Spyware Scanner v1.13
    > http://www.kephyr.com/spywarescanner/index.html?source=appvisit
    >
    > 6) ToolbarCop
    > http://www.mvps.org/sramesh2k/toolbarcop.htm
    >
    > 7) Ad-aware SE Personal
    > http://www.lavasoft.de/support/download/
    >
    > Download, install, run, update and run again; one or all. They are all
    > good, FREE utilities. Make sure you update every program, even if you
    > just downloaded it. You must have the latest updates. Without updates,
    > you have a gun without ammo. You also need to use more than one
    > anti scumware program. One program will *not* catch everything.
    >
    > --
    > Hope this helps. Let us know.
    >
    > Wes
    > MS-MVP Windows Shell/User
    >
    > In news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl,
    > mgm <mgmombo@hotmail.com> hunted and pecked:
    > > a couple of months ago I installed Norton Anti-Virus. Now when ever I
    run
    > > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on
    my
    > > desktop.
    > >
    > > Is anyone here familiar with BulletProof? Is this part of a Norton
    suite?
    > > Do I have to be concerned about the security of my XP pro box?
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    mgm wrote:

    > I run Spybot S&D nightly, I run Adaware nightly. They remove the
    > Bulletproof junk but it keeps coming back.
    > I'm sick of it. It doesn't appear in the add/remove programs list and
    > it's
    > application folder doesn't have an uninstall exe. How the devil do I
    > get rid of the mess?
    >
    > I run winXP pro sp2 behind a hardware & software firewall (zonealarm
    > pro), Norton Anti-Virus and the above mentioned legit spy/ad
    > utilities. All are updated to latest defs.
    >
    Run your scans in Safe Mode. You should probably include scanning with
    HijackThis. Post your log in *one* of the following forums (not here,
    please). Be sure to read the posting FAQ of whatever forum you choose.

    http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    Eshelman
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
    another tutorial
    http://aumha.net/viewforum.php?f=30
    http://castlecops.com/forum67.html
    http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    forum
    http://www.wilderssecurity.com/
    http://forums.tomcoyote.org/

    Malke
    --
    MS-MVP Windows User/Shell
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic"
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I can't find anything about removing/uninstalling BPS Spyware & Adware
    Remover. All I can find is plenty of folks threatening to sue the makers of
    BPS Spyware & Adware Remover.

    Look in C:\Program Files or %homedrive%\Program Files for anything related
    to BPS.

    I have no idea what the *.exe file, if there is one, is for BPS.

    Run Spybot S&D, click on Mode in the top Toolbar and make sure that Advanced
    Mode is selected. Then, in the left hand pane, click on Tools and click on
    System Startup. In the right hand pane, right click and select Copy to
    Clipboard. Paste that into a message and post back and we'll see what we
    can find.

    [[System startup
    This tool lists all programs that are started at Windows startup. If those
    items are in the database coming with Spybot-S&D, it will display some more
    information about them. It also allows you to disable (and enable) items, as
    well as delete them, change them or insert new items.]]

    Also, when you run Ad-Aware, when you see the Scan Log you can right click
    and select Copy to Clipboard after selecting the relevant text or Ctrl + A
    to select all the text and Ctrl + C to copy the text. Paste that into a
    message and post back and we'll see what we can find.

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:u5$o3MajFHA.3336@tk2msftngp13.phx.gbl,
    mgm <mgmombo@hotmail.com> hunted and pecked:
    > I run Spybot S&D nightly, I run Adaware nightly. They remove the
    > Bulletproof junk but it keeps coming back.
    > I'm sick of it. It doesn't appear in the add/remove programs list and
    > it's application folder doesn't have an uninstall exe. How the devil do
    > I get rid of the mess?
    >
    > I run winXP pro sp2 behind a hardware & software firewall (zonealarm pro),
    > Norton Anti-Virus and the above mentioned legit spy/ad utilities. All are
    > updated to latest defs.
    >
    > "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    > news:%238gtcHajFHA.2484@TK2MSFTNGP15.phx.gbl...
    >> Get rid of it.
    >>
    >> Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover
    >>
    >> [[BPS Spyware & Adware Remover
    >> bulletproofsoft.com
    >> spywarecops.com
    >>
    >> false positives work as goad to purchase; company is known adware
    >> distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
    >> rip-off; old version was same app as Real AdWareRemoverGold, Spyware
    >> Nuker, & TZ Spyware Adware Remover; new version uses "Spyware Cops" or
    >> "Spy Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
    >> From...
    >> Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
    >> http://www.spywarewarrior.com/rogue_anti-spyware.htm
    >>
    >> Get one or all of these...
    >>
    >> 2) SpywareBlaster
    >> [[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
    >> ever being installed.
    >> The most important step you can take is to secure your system. And
    >> SpywareBlaster is the most powerful protection program available.]]
    >> http://www.javacoolsoftware.com/spywareblaster.html
    >>
    >> 3) Spybot S & D (More for the advanced user)
    >> http://www.safer-networking.org/index.php?lang=en&page=download
    >>
    >> 4) HijackThis (More for the advanced user)
    >> http://www.spywareinfo.com/~merijn/downloads.html
    >>
    >> 4a) HijackThis (direct download)
    >> http://aumha.org/downloads/hijackthis.zip
    >>
    >> 5) Bazooka Adware and Spyware Scanner v1.13
    >> http://www.kephyr.com/spywarescanner/index.html?source=appvisit
    >>
    >> 6) ToolbarCop
    >> http://www.mvps.org/sramesh2k/toolbarcop.htm
    >>
    >> 7) Ad-aware SE Personal
    >> http://www.lavasoft.de/support/download/
    >>
    >> Download, install, run, update and run again; one or all. They are all
    >> good, FREE utilities. Make sure you update every program, even if you
    >> just downloaded it. You must have the latest updates. Without updates,
    >> you have a gun without ammo. You also need to use more than one
    >> anti scumware program. One program will *not* catch everything.
    >>
    >> --
    >> Hope this helps. Let us know.
    >>
    >> Wes
    >> MS-MVP Windows Shell/User
    >>
    >> In news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl,
    >> mgm <mgmombo@hotmail.com> hunted and pecked:
    >>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
    >>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new folder
    >>> on my desktop.
    >>>
    >>> Is anyone here familiar with BulletProof? Is this part of a Norton
    >>> suite? Do I have to be concerned about the security of my XP pro box?
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I no longer trust Microsofts adware difinitions.
    http://www.spywareinfo.com/newsletter/archives/2005/july20.php

    --
    Mike Pawlak


    Daniel - Rookeycompany wrote:
    > Yupp the answer is:buy a better antispyware application!
    >
    > BulletProof software has nothing to do with Symantec norton antivirus!
    >
    > Go to http://www.sunbeltsoftware.com/CounterSpy.cfm
    >
    > They get their antispyware definitions from microsoft themselves!
    >
    > Quote:
    > How Come Microsoft Updates Sunbelt's CounterSpy With Spyware
    > Definitions? Sunbelt is not "licensing the code from Microsoft".
    > Microsoft acquired our anti-spyware business partner Giant Software.
    > In short, Giant's original code was the start for both CounterSpy and
    > Windows AntiSpyware but each has taken its own development path and
    > Sunbelt and Microsoft each own their own code. Microsoft shares their
    > spyware definitions with Sunbelt, but Sunbelt uses the threat
    > information differently. Microsoft states on its website:
    > "Anti-spyware solutions require definition updates-signatures of
    > known spyware and other unwanted software-that are necessary to keep
    > the solutions up-to-date. Because of a legal agreement between
    > Sunbelt Software and Giant that preceded the Microsoft acquisition,
    > Microsoft will provide spyware signature updates to Sunbelt through
    > July 2007."
    >
    >
    > "NoNoBadDog!" wrote:
    >
    >>
    >> "mgm" <mgmombo@hotmail.com> wrote in message
    >> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    >>> a couple of months ago I installed Norton Anti-Virus. Now when
    >>> ever I run Ad-Aware, BulletProof Spy detector places shortcuts in a
    >>> new folder on my desktop.
    >>>
    >>> Is anyone here familiar with BulletProof? Is this part of a Norton
    >>> suite? Do I have to be concerned about the security of my XP pro
    >>> box?
    >>>
    >>>
    >>
    >> BulletProof has nothing to do with Norton AV.
    >>
    >> Do you have a firewall running?
    >>
    >> What spyware utility do you use?
    >>
    >> What adware utility do you use?
    >>
    >> What type of hijack software are you using?
    >>
    >> Are all of your utilities kept updated?
    >>
    >>
    >> Antivirus programs protect against viruses. What you have is not a
    >> virus, but is some type of adware or spyware.
    >>
    >>
    >> Bobby
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Daniel - Rookeycompany wrote:

    > All the tools you guys are talking about, sd boot,
    > Ad-Aware,SpywareBlaster, ToolbarCop and so -Yes i've been there using
    > them all!! But they are not as good as the Counterspy i wrote about
    > since it does all the things in one stroke:
    >
    (snip very long post about CounterSpy)

    CounterSpy is good, but it costs money. All the antispyware tools we
    recommend to end users are free. In addition, you do need more than one
    tool to remove many types of malware. After the end user has cleaned up
    his/her machine, if s/he wants to spend the money on CounterSpy that is
    of course his/her choice.

    Malke
    --
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
    MS-MVP Windows - Shell/User
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    mgm:

    If I were you, I'd learn how to remove spyware, adware, virus, etc manually
    because not every one is going to be caught by every tool out there. Of
    course try to find a tool to remove it for you, but when that fails, there
    is only manual, especially if you want if off instead of waiting for a def
    update. After all there is always a lag time between release of a
    spyware/adware/virus/worm/etc and the tools ability to remove it. Use
    Ad-Aware, Spybot S&D, etc, but also make sure you know what is running on
    that machine and what might not belong. Blind trust in those companies to
    find everything out there is a HUGE mistake.

    To do this manually, you can use several tools. Most of them I've gotten
    from www.sysinternals.com (not associated, just like their tools). Here is
    a list of the ones I use:

    1. Process Manager -- Task Manager replacement that shows alot more
    information (like what is running inside those svchost.exe's)
    2. SigCheck -- Check to see what files in your Windows and Windows/System32
    etc directories have no signitures or unverifiable signitures (WARNING:
    Some Microsoft files still do not have sigs so use tool to highlight
    possible hoax programs, but make sure you don't go deleting everything it
    finds)
    3. AutoRuns -- You have probably used MSConfig. This is much more advanced
    and usful for finding that program and where it is starting from.
    4. PortMon -- What ports on your machine are listening for connections and
    what programs they belong to.

    If you cannot find the program with these, then you have bigger
    problems.....

    Scott

    "mgm" <mgmombo@hotmail.com> wrote in message
    news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    >a couple of months ago I installed Norton Anti-Virus. Now when ever I run
    > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
    > desktop.
    >
    > Is anyone here familiar with BulletProof? Is this part of a Norton suite?
    > Do I have to be concerned about the security of my XP pro box?
    >
    >
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Amen to Scott and a big thank you to all you contributed.
    If anyone can offer some added input after reviewing the logs, it would be
    greatly appreciated. Thanks..mgm

    I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
    XP's latest and grestest patch/update software running behind a hardware
    firewall (router) and STILL got the BulletProof mess.

    After checking my application event logs, I noted that the BPS mess begins
    executing at 4:15 AM everyday. Adaware and Spybot also auto execute in the
    wee hrs. 2:15 and 3AM.
    By checking the event log, I got BPS CLSID and found it in the registry.
    With this ID I hope to let SpyBlaster block it from executing tomorrow am.
    Wesley Vogel requested some logs, so here they are. I hope they can help
    others to clean up or, better yet, avoid the mess
    Application event log:
    >>>>Event Type: Warning
    Event Source: MsiInstaller
    Event Category: None
    Event ID: 1004
    Date: 7/21/2005
    Time: 4:15:02 AM
    User: XXXXX\Administrator
    Computer: XXXXX
    Description:
    Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
    'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}' failed.
    The resource 'C:\Program
    Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
    Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<

    Initial SpyBot run that "fixed" BulletProof" (removed)
    >>>>BPS Spyware Remover: System file (File, fixed)
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe

    BPS Spyware Remover: System file (File, fixed)
    C:\Program
    Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe

    BPS Spyware Remover: Program directory (Directory, fixed)
    C:\Program Files\BulletProofSoft.com\SpywareRemover\

    BPS Spyware Remover: Program group (Directory, fixed)
    C:\Documents and Settings\All Users\Start
    Menu\Programs\BulletProofSoft.com

    BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe

    BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    rogram
    Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
    <<<

    Initial Spybot Startup list (this and the initial scan was done from
    SafeMode) I recognize all processes here.
    >>>>Located: HK_LM:Run, ccApp
    command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 58992
    MD5: e5f9b0314442ea5816518c64b02f10a2

    Located: HK_LM:Run, DeviceDiscovery
    command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    size: 229437
    MD5: 7eef9e578d2aa3d562d074bfdfe56825

    Located: HK_LM:Run, HP Component Manager
    command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    size: 241664
    MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa

    Located: HK_LM:Run, HP Software Update
    command: "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    size: 49152
    MD5: 6ad9dcb0257b10ea458165f70634dabc

    Located: HK_LM:Run, HPDJ Taskbar Utility
    command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    size: 188416
    MD5: b25f66fdaa5a0389500c8a9e0433e5a5

    Located: HK_LM:Run, NeroFilterCheck
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3e4c03cefad8de135263236b61a49c90

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 741376
    MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72

    Located: HK_LM:Run, SoundMan
    command: SOUNDMAN.EXE
    file: C:\WINDOWS\SOUNDMAN.EXE
    size: 77824
    MD5: 6351b9d79370a6795921fa3c3950ded6

    Located: HK_LM:Run, Symantec NetDriver Monitor
    command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    size: 100056
    MD5: f9418981ee4d7e995d359833adab59d5

    Located: HK_LM:Run, TkBellExe
    command: "C:\Program Files\Common
    iles\Real\Update_OB\realsched.exe" -osboot
    file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 180269
    MD5: b8e684df9a97497edd2f87444a6307fb

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: deb88aef013dd1eefb462d7cad642166

    Located: Startup (common), ZoneAlarm Pro.lnk
    command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    size: 422984
    MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799

    Located: Startup (disabled), Acrobat Assistant (DISABLED)
    command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    size: 217193
    MD5: 78bfe3201ada2fe02d1e35d2488e5f55

    Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
    command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    size: 113664
    MD5: c2ff17734176cd15221c10044ef0ba1a

    Located: Startup (disabled), Microsoft Office (DISABLED)
    command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
    file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
    size: 83360
    MD5: 5bc65464354a9fd3beaa28e18839734a

    Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
    command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
    file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
    size: 422984
    MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
    "Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in message
    news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
    > mgm:
    >
    > If I were you, I'd learn how to remove spyware, adware, virus, etc
    manually
    > because not every one is going to be caught by every tool out there. Of
    > course try to find a tool to remove it for you, but when that fails, there
    > is only manual, especially if you want if off instead of waiting for a def
    > update. After all there is always a lag time between release of a
    > spyware/adware/virus/worm/etc and the tools ability to remove it. Use
    > Ad-Aware, Spybot S&D, etc, but also make sure you know what is running on
    > that machine and what might not belong. Blind trust in those companies to
    > find everything out there is a HUGE mistake.
    >
    > To do this manually, you can use several tools. Most of them I've gotten
    > from www.sysinternals.com (not associated, just like their tools). Here
    is
    > a list of the ones I use:
    >
    > 1. Process Manager -- Task Manager replacement that shows alot more
    > information (like what is running inside those svchost.exe's)
    > 2. SigCheck -- Check to see what files in your Windows and
    Windows/System32
    > etc directories have no signitures or unverifiable signitures (WARNING:
    > Some Microsoft files still do not have sigs so use tool to highlight
    > possible hoax programs, but make sure you don't go deleting everything it
    > finds)
    > 3. AutoRuns -- You have probably used MSConfig. This is much more
    advanced
    > and usful for finding that program and where it is starting from.
    > 4. PortMon -- What ports on your machine are listening for connections
    and
    > what programs they belong to.
    >
    > If you cannot find the program with these, then you have bigger
    > problems.....
    >
    > Scott
    >
    > "mgm" <mgmombo@hotmail.com> wrote in message
    > news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    > >a couple of months ago I installed Norton Anti-Virus. Now when ever I
    run
    > > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on
    my
    > > desktop.
    > >
    > > Is anyone here familiar with BulletProof? Is this part of a Norton
    suite?
    > > Do I have to be concerned about the security of my XP pro box?
    > >
    > >
    >
    >
  11. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    mgm,

    You have a bunch of other trash that you do not need running, but we better
    stick to BPSSR for now.

    Did you try to run Spybot S&D and Ad-Aware in Safe Mode like Malke
    suggested? Some malware like to conceal themselves in areas that Windows
    protects while using them. Safe mode will prevent those application
    accesses, and therefore unprotect the malware.

    Did you download, install and run HijackThis in Safe Mode like Malke
    suggested?

    4) HijackThis
    http://www.spywareinfo.com/~merijn/downloads.html

    4a) HijackThis (direct download)
    http://aumha.org/downloads/hijackthis.zip

    HijackThis log tutorial
    http://www.spywareinfo.com/~merijn/htlogtutorial.html

    HijackThis Log Tutorial
    http://www.aumha.org/a/hjttutor.htm

    How to use HijackThis to remove Browser Hijackers & Spyware
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning

    Is there a listing for BulletProofSoft SpywareRemover in Add or Remove
    Programs?

    Was the MsiInstaller Warning about a failed uninstall? Did you try to
    uninstall BPSSR using Add or Remove Programs? If you didn't, try it. Never
    mind you mentioned that it wasn't listed. So what caused the MsiInstaller
    Warning?

    CLSID {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} appears to be BPSSR.

    Also look for {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} in
    %appdata%\Microsoft\Installer
    or
    C:\Documents and Settings\Your Name Here\Application
    Data\Microsoft\Installer
    and
    %windir%\Installer
    or
    C:\WINDOWS\Installer
    And delete the {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} folder. This ought to
    prevent BPSSR from getting installed again.

    Spyware.exe & PopUpWatch.exe would appear to be the BPSSR program. Make
    sure that you use Task Manager to *KILL* both of these before running Spybot
    S&D, etc.

    Open Task Manager...
    Ctrl + Shift + Esc | Processes tab | Click on the Image name header to
    alphabetize the list | Locate Spyware.exe & PopUpWatch.exe | Right click
    each one | End Process | Answer YES to the Warning that popsup | Make sure
    that there isn't more than one of each running | Close Task Manager

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:%23mhAN5mjFHA.1444@TK2MSFTNGP10.phx.gbl,
    mgm <mgmombo@hotmail.com> hunted and pecked:
    > Amen to Scott and a big thank you to all you contributed.
    > If anyone can offer some added input after reviewing the logs, it would be
    > greatly appreciated. Thanks..mgm
    >
    > I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
    > XP's latest and grestest patch/update software running behind a hardware
    > firewall (router) and STILL got the BulletProof mess.
    >
    > After checking my application event logs, I noted that the BPS mess begins
    > executing at 4:15 AM everyday. Adaware and Spybot also auto execute in
    > the wee hrs. 2:15 and 3AM.
    > By checking the event log, I got BPS CLSID and found it in the registry.
    > With this ID I hope to let SpyBlaster block it from executing tomorrow am.
    > Wesley Vogel requested some logs, so here they are. I hope they can help
    > others to clean up or, better yet, avoid the mess
    > Application event log:
    >>>>> Event Type: Warning
    > Event Source: MsiInstaller
    > Event Category: None
    > Event ID: 1004
    > Date: 7/21/2005
    > Time: 4:15:02 AM
    > User: XXXXX\Administrator
    > Computer: XXXXX
    > Description:
    > Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
    > 'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}'
    > failed. The resource 'C:\Program
    > Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
    > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
    > Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<
    >
    > Initial SpyBot run that "fixed" BulletProof" (removed)
    >>>>> BPS Spyware Remover: System file (File, fixed)
    > C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    >
    > BPS Spyware Remover: System file (File, fixed)
    > C:\Program
    > Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
    >
    > BPS Spyware Remover: Program directory (Directory, fixed)
    > C:\Program Files\BulletProofSoft.com\SpywareRemover\
    >
    > BPS Spyware Remover: Program group (Directory, fixed)
    > C:\Documents and Settings\All Users\Start
    > Menu\Programs\BulletProofSoft.com
    >
    > BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
    >
    >
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    > rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    >
    > BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
    >
    >
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    > rogram
    >
    Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
    > <<<
    >
    > Initial Spybot Startup list (this and the initial scan was done from
    > SafeMode) I recognize all processes here.
    >>>>> Located: HK_LM:Run, ccApp
    > command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    > file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    > size: 58992
    > MD5: e5f9b0314442ea5816518c64b02f10a2
    >
    > Located: HK_LM:Run, DeviceDiscovery
    > command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    > file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    > size: 229437
    > MD5: 7eef9e578d2aa3d562d074bfdfe56825
    >
    > Located: HK_LM:Run, HP Component Manager
    > command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    > file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    > size: 241664
    > MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa
    >
    > Located: HK_LM:Run, HP Software Update
    > command: "C:\Program Files\Hewlett-Packard\HP Software
    > Update\HPWuSchd2.exe" file: C:\Program Files\Hewlett-Packard\HP
    > Software Update\HPWuSchd2.exe size: 49152
    > MD5: 6ad9dcb0257b10ea458165f70634dabc
    >
    > Located: HK_LM:Run, HPDJ Taskbar Utility
    > command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    > file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    > size: 188416
    > MD5: b25f66fdaa5a0389500c8a9e0433e5a5
    >
    > Located: HK_LM:Run, NeroFilterCheck
    > command: C:\WINDOWS\system32\NeroCheck.exe
    > file: C:\WINDOWS\system32\NeroCheck.exe
    > size: 155648
    > MD5: 3e4c03cefad8de135263236b61a49c90
    >
    > Located: HK_LM:Run, NvCplDaemon
    > command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    > file: C:\WINDOWS\system32\RUNDLL32.EXE
    > size: 33280
    > MD5: da285490bbd8a1d0ce6623577d5ba1ff
    >
    > Located: HK_LM:Run, nwiz
    > command: nwiz.exe /install
    > file: C:\WINDOWS\system32\nwiz.exe
    > size: 741376
    > MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72
    >
    > Located: HK_LM:Run, SoundMan
    > command: SOUNDMAN.EXE
    > file: C:\WINDOWS\SOUNDMAN.EXE
    > size: 77824
    > MD5: 6351b9d79370a6795921fa3c3950ded6
    >
    > Located: HK_LM:Run, Symantec NetDriver Monitor
    > command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    > file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    > size: 100056
    > MD5: f9418981ee4d7e995d359833adab59d5
    >
    > Located: HK_LM:Run, TkBellExe
    > command: "C:\Program Files\Common
    > iles\Real\Update_OB\realsched.exe" -osboot
    > file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    > size: 180269
    > MD5: b8e684df9a97497edd2f87444a6307fb
    >
    > Located: HK_CU:Run, ctfmon.exe
    > command: C:\WINDOWS\system32\ctfmon.exe
    > file: C:\WINDOWS\system32\ctfmon.exe
    > size: 15360
    > MD5: 24232996a38c0b0cf151c2140ae29fc8
    >
    > Located: Startup (common), Adobe Reader Speed Launch.lnk
    > command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    > file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    > size: 29696
    > MD5: deb88aef013dd1eefb462d7cad642166
    >
    > Located: Startup (common), ZoneAlarm Pro.lnk
    > command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    > file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    > size: 422984
    > MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799
    >
    > Located: Startup (disabled), Acrobat Assistant (DISABLED)
    > command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    > file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    > size: 217193
    > MD5: 78bfe3201ada2fe02d1e35d2488e5f55
    >
    > Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
    > command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    > file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    > size: 113664
    > MD5: c2ff17734176cd15221c10044ef0ba1a
    >
    > Located: Startup (disabled), Microsoft Office (DISABLED)
    > command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
    > file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
    > size: 83360
    > MD5: 5bc65464354a9fd3beaa28e18839734a
    >
    > Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
    > command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
    > file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
    > size: 422984
    > MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
    > "Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in
    > message news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
    >> mgm:
    >>
    >> If I were you, I'd learn how to remove spyware, adware, virus, etc
    >> manually because not every one is going to be caught by every tool out
    >> there. Of course try to find a tool to remove it for you, but when that
    >> fails, there is only manual, especially if you want if off instead of
    >> waiting for a def update. After all there is always a lag time between
    >> release of a spyware/adware/virus/worm/etc and the tools ability to
    >> remove it. Use Ad-Aware, Spybot S&D, etc, but also make sure you know
    >> what is running on that machine and what might not belong. Blind trust
    >> in those companies to find everything out there is a HUGE mistake.
    >>
    >> To do this manually, you can use several tools. Most of them I've gotten
    >> from www.sysinternals.com (not associated, just like their tools). Here
    >> is a list of the ones I use:
    >>
    >> 1. Process Manager -- Task Manager replacement that shows alot more
    >> information (like what is running inside those svchost.exe's)
    >> 2. SigCheck -- Check to see what files in your Windows and
    >> Windows/System32 etc directories have no signitures or unverifiable
    >> signitures (WARNING: Some Microsoft files still do not have sigs so use
    >> tool to highlight possible hoax programs, but make sure you don't go
    >> deleting everything it finds)
    >> 3. AutoRuns -- You have probably used MSConfig. This is much more
    >> advanced and usful for finding that program and where it is starting
    >> from.
    >> 4. PortMon -- What ports on your machine are listening for connections
    >> and what programs they belong to.
    >>
    >> If you cannot find the program with these, then you have bigger
    >> problems.....
    >>
    >> Scott
    >>
    >> "mgm" <mgmombo@hotmail.com> wrote in message
    >> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    >>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
    >>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new folder
    >>> on my desktop.
    >>>
    >>> Is anyone here familiar with BulletProof? Is this part of a Norton
    >>> suite? Do I have to be concerned about the security of my XP pro box?
  12. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Yes, all was done in safe mode and finally the BPS has been removed. All BPS
    has been removed and blocked via Spybot and SpywareBlaster... AND most
    important, it's really gone. Again, thanks to all for your input
    "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    news:epIeMXtjFHA.1968@TK2MSFTNGP14.phx.gbl...
    > mgm,
    >
    > You have a bunch of other trash that you do not need running, but we
    > better
    > stick to BPSSR for now.
    >
    > Did you try to run Spybot S&D and Ad-Aware in Safe Mode like Malke
    > suggested? Some malware like to conceal themselves in areas that Windows
    > protects while using them. Safe mode will prevent those application
    > accesses, and therefore unprotect the malware.
    >
    > Did you download, install and run HijackThis in Safe Mode like Malke
    > suggested?
    >
    > 4) HijackThis
    > http://www.spywareinfo.com/~merijn/downloads.html
    >
    > 4a) HijackThis (direct download)
    > http://aumha.org/downloads/hijackthis.zip
    >
    > HijackThis log tutorial
    > http://www.spywareinfo.com/~merijn/htlogtutorial.html
    >
    > HijackThis Log Tutorial
    > http://www.aumha.org/a/hjttutor.htm
    >
    > How to use HijackThis to remove Browser Hijackers & Spyware
    > http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning
    >
    > Is there a listing for BulletProofSoft SpywareRemover in Add or Remove
    > Programs?
    >
    > Was the MsiInstaller Warning about a failed uninstall? Did you try to
    > uninstall BPSSR using Add or Remove Programs? If you didn't, try it.
    > Never
    > mind you mentioned that it wasn't listed. So what caused the MsiInstaller
    > Warning?
    >
    > CLSID {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} appears to be BPSSR.
    >
    > Also look for {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} in
    > %appdata%\Microsoft\Installer
    > or
    > C:\Documents and Settings\Your Name Here\Application
    > Data\Microsoft\Installer
    > and
    > %windir%\Installer
    > or
    > C:\WINDOWS\Installer
    > And delete the {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} folder. This ought
    > to
    > prevent BPSSR from getting installed again.
    >
    > Spyware.exe & PopUpWatch.exe would appear to be the BPSSR program. Make
    > sure that you use Task Manager to *KILL* both of these before running
    > Spybot
    > S&D, etc.
    >
    > Open Task Manager...
    > Ctrl + Shift + Esc | Processes tab | Click on the Image name header to
    > alphabetize the list | Locate Spyware.exe & PopUpWatch.exe | Right click
    > each one | End Process | Answer YES to the Warning that popsup | Make sure
    > that there isn't more than one of each running | Close Task Manager
    >
    > --
    > Hope this helps. Let us know.
    >
    > Wes
    > MS-MVP Windows Shell/User
    >
    > In news:%23mhAN5mjFHA.1444@TK2MSFTNGP10.phx.gbl,
    > mgm <mgmombo@hotmail.com> hunted and pecked:
    >> Amen to Scott and a big thank you to all you contributed.
    >> If anyone can offer some added input after reviewing the logs, it would
    >> be
    >> greatly appreciated. Thanks..mgm
    >>
    >> I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
    >> XP's latest and grestest patch/update software running behind a hardware
    >> firewall (router) and STILL got the BulletProof mess.
    >>
    >> After checking my application event logs, I noted that the BPS mess
    >> begins
    >> executing at 4:15 AM everyday. Adaware and Spybot also auto execute in
    >> the wee hrs. 2:15 and 3AM.
    >> By checking the event log, I got BPS CLSID and found it in the registry.
    >> With this ID I hope to let SpyBlaster block it from executing tomorrow
    >> am.
    >> Wesley Vogel requested some logs, so here they are. I hope they can help
    >> others to clean up or, better yet, avoid the mess
    >> Application event log:
    >>>>>> Event Type: Warning
    >> Event Source: MsiInstaller
    >> Event Category: None
    >> Event ID: 1004
    >> Date: 7/21/2005
    >> Time: 4:15:02 AM
    >> User: XXXXX\Administrator
    >> Computer: XXXXX
    >> Description:
    >> Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
    >> 'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}'
    >> failed. The resource 'C:\Program
    >> Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.
    >>
    >> For more information, see Help and Support Center at
    >> http://go.microsoft.com/fwlink/events.asp.
    >>
    >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
    >> Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<
    >>
    >> Initial SpyBot run that "fixed" BulletProof" (removed)
    >>>>>> BPS Spyware Remover: System file (File, fixed)
    >> C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    >>
    >> BPS Spyware Remover: System file (File, fixed)
    >> C:\Program
    >> Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
    >>
    >> BPS Spyware Remover: Program directory (Directory, fixed)
    >> C:\Program Files\BulletProofSoft.com\SpywareRemover\
    >>
    >> BPS Spyware Remover: Program group (Directory, fixed)
    >> C:\Documents and Settings\All Users\Start
    >> Menu\Programs\BulletProofSoft.com
    >>
    >> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
    >>
    >>
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    >> rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    >>
    >> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
    >>
    >>
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    >> rogram
    >>
    > Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
    >> <<<
    >>
    >> Initial Spybot Startup list (this and the initial scan was done from
    >> SafeMode) I recognize all processes here.
    >>>>>> Located: HK_LM:Run, ccApp
    >> command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    >> file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    >> size: 58992
    >> MD5: e5f9b0314442ea5816518c64b02f10a2
    >>
    >> Located: HK_LM:Run, DeviceDiscovery
    >> command: C:\Program Files\Hewlett-Packard\Digital
    >> Imaging\bin\hpotdd01.exe
    >> file: C:\Program Files\Hewlett-Packard\Digital
    >> Imaging\bin\hpotdd01.exe
    >> size: 229437
    >> MD5: 7eef9e578d2aa3d562d074bfdfe56825
    >>
    >> Located: HK_LM:Run, HP Component Manager
    >> command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    >> file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    >> size: 241664
    >> MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa
    >>
    >> Located: HK_LM:Run, HP Software Update
    >> command: "C:\Program Files\Hewlett-Packard\HP Software
    >> Update\HPWuSchd2.exe" file: C:\Program Files\Hewlett-Packard\HP
    >> Software Update\HPWuSchd2.exe size: 49152
    >> MD5: 6ad9dcb0257b10ea458165f70634dabc
    >>
    >> Located: HK_LM:Run, HPDJ Taskbar Utility
    >> command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    >> file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    >> size: 188416
    >> MD5: b25f66fdaa5a0389500c8a9e0433e5a5
    >>
    >> Located: HK_LM:Run, NeroFilterCheck
    >> command: C:\WINDOWS\system32\NeroCheck.exe
    >> file: C:\WINDOWS\system32\NeroCheck.exe
    >> size: 155648
    >> MD5: 3e4c03cefad8de135263236b61a49c90
    >>
    >> Located: HK_LM:Run, NvCplDaemon
    >> command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    >> file: C:\WINDOWS\system32\RUNDLL32.EXE
    >> size: 33280
    >> MD5: da285490bbd8a1d0ce6623577d5ba1ff
    >>
    >> Located: HK_LM:Run, nwiz
    >> command: nwiz.exe /install
    >> file: C:\WINDOWS\system32\nwiz.exe
    >> size: 741376
    >> MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72
    >>
    >> Located: HK_LM:Run, SoundMan
    >> command: SOUNDMAN.EXE
    >> file: C:\WINDOWS\SOUNDMAN.EXE
    >> size: 77824
    >> MD5: 6351b9d79370a6795921fa3c3950ded6
    >>
    >> Located: HK_LM:Run, Symantec NetDriver Monitor
    >> command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    >> file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    >> size: 100056
    >> MD5: f9418981ee4d7e995d359833adab59d5
    >>
    >> Located: HK_LM:Run, TkBellExe
    >> command: "C:\Program Files\Common
    >> iles\Real\Update_OB\realsched.exe" -osboot
    >> file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    >> size: 180269
    >> MD5: b8e684df9a97497edd2f87444a6307fb
    >>
    >> Located: HK_CU:Run, ctfmon.exe
    >> command: C:\WINDOWS\system32\ctfmon.exe
    >> file: C:\WINDOWS\system32\ctfmon.exe
    >> size: 15360
    >> MD5: 24232996a38c0b0cf151c2140ae29fc8
    >>
    >> Located: Startup (common), Adobe Reader Speed Launch.lnk
    >> command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    >> file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    >> size: 29696
    >> MD5: deb88aef013dd1eefb462d7cad642166
    >>
    >> Located: Startup (common), ZoneAlarm Pro.lnk
    >> command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    >> file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    >> size: 422984
    >> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799
    >>
    >> Located: Startup (disabled), Acrobat Assistant (DISABLED)
    >> command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    >> file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    >> size: 217193
    >> MD5: 78bfe3201ada2fe02d1e35d2488e5f55
    >>
    >> Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
    >> command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    >> file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    >> size: 113664
    >> MD5: c2ff17734176cd15221c10044ef0ba1a
    >>
    >> Located: Startup (disabled), Microsoft Office (DISABLED)
    >> command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
    >> file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
    >> size: 83360
    >> MD5: 5bc65464354a9fd3beaa28e18839734a
    >>
    >> Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
    >> command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
    >> file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
    >> size: 422984
    >> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
    >> "Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in
    >> message news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
    >>> mgm:
    >>>
    >>> If I were you, I'd learn how to remove spyware, adware, virus, etc
    >>> manually because not every one is going to be caught by every tool out
    >>> there. Of course try to find a tool to remove it for you, but when that
    >>> fails, there is only manual, especially if you want if off instead of
    >>> waiting for a def update. After all there is always a lag time between
    >>> release of a spyware/adware/virus/worm/etc and the tools ability to
    >>> remove it. Use Ad-Aware, Spybot S&D, etc, but also make sure you know
    >>> what is running on that machine and what might not belong. Blind trust
    >>> in those companies to find everything out there is a HUGE mistake.
    >>>
    >>> To do this manually, you can use several tools. Most of them I've
    >>> gotten
    >>> from www.sysinternals.com (not associated, just like their tools). Here
    >>> is a list of the ones I use:
    >>>
    >>> 1. Process Manager -- Task Manager replacement that shows alot more
    >>> information (like what is running inside those svchost.exe's)
    >>> 2. SigCheck -- Check to see what files in your Windows and
    >>> Windows/System32 etc directories have no signitures or unverifiable
    >>> signitures (WARNING: Some Microsoft files still do not have sigs so use
    >>> tool to highlight possible hoax programs, but make sure you don't go
    >>> deleting everything it finds)
    >>> 3. AutoRuns -- You have probably used MSConfig. This is much more
    >>> advanced and usful for finding that program and where it is starting
    >>> from.
    >>> 4. PortMon -- What ports on your machine are listening for connections
    >>> and what programs they belong to.
    >>>
    >>> If you cannot find the program with these, then you have bigger
    >>> problems.....
    >>>
    >>> Scott
    >>>
    >>> "mgm" <mgmombo@hotmail.com> wrote in message
    >>> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    >>>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
    >>>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new folder
    >>>> on my desktop.
    >>>>
    >>>> Is anyone here familiar with BulletProof? Is this part of a Norton
    >>>> suite? Do I have to be concerned about the security of my XP pro box?
    >
  13. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Glad to hear it. Keep having fun. :-)

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:%23guCaFujFHA.3568@TK2MSFTNGP10.phx.gbl,
    mgm <mgmombo@hotmail.com> hunted and pecked:
    > Yes, all was done in safe mode and finally the BPS has been removed. All
    > BPS has been removed and blocked via Spybot and SpywareBlaster... AND most
    > important, it's really gone. Again, thanks to all for your input
    > "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    > news:epIeMXtjFHA.1968@TK2MSFTNGP14.phx.gbl...
    >> mgm,
    >>
    >> You have a bunch of other trash that you do not need running, but we
    >> better
    >> stick to BPSSR for now.
    >>
    >> Did you try to run Spybot S&D and Ad-Aware in Safe Mode like Malke
    >> suggested? Some malware like to conceal themselves in areas that Windows
    >> protects while using them. Safe mode will prevent those application
    >> accesses, and therefore unprotect the malware.
    >>
    >> Did you download, install and run HijackThis in Safe Mode like Malke
    >> suggested?
    >>
    >> 4) HijackThis
    >> http://www.spywareinfo.com/~merijn/downloads.html
    >>
    >> 4a) HijackThis (direct download)
    >> http://aumha.org/downloads/hijackthis.zip
    >>
    >> HijackThis log tutorial
    >> http://www.spywareinfo.com/~merijn/htlogtutorial.html
    >>
    >> HijackThis Log Tutorial
    >> http://www.aumha.org/a/hjttutor.htm
    >>
    >> How to use HijackThis to remove Browser Hijackers & Spyware
    >> http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning
    >>
    >> Is there a listing for BulletProofSoft SpywareRemover in Add or Remove
    >> Programs?
    >>
    >> Was the MsiInstaller Warning about a failed uninstall? Did you try to
    >> uninstall BPSSR using Add or Remove Programs? If you didn't, try it.
    >> Never
    >> mind you mentioned that it wasn't listed. So what caused the
    >> MsiInstaller Warning?
    >>
    >> CLSID {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} appears to be BPSSR.
    >>
    >> Also look for {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} in
    >> %appdata%\Microsoft\Installer
    >> or
    >> C:\Documents and Settings\Your Name Here\Application
    >> Data\Microsoft\Installer
    >> and
    >> %windir%\Installer
    >> or
    >> C:\WINDOWS\Installer
    >> And delete the {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} folder. This ought
    >> to
    >> prevent BPSSR from getting installed again.
    >>
    >> Spyware.exe & PopUpWatch.exe would appear to be the BPSSR program. Make
    >> sure that you use Task Manager to *KILL* both of these before running
    >> Spybot
    >> S&D, etc.
    >>
    >> Open Task Manager...
    >> Ctrl + Shift + Esc | Processes tab | Click on the Image name header to
    >> alphabetize the list | Locate Spyware.exe & PopUpWatch.exe | Right click
    >> each one | End Process | Answer YES to the Warning that popsup | Make
    >> sure that there isn't more than one of each running | Close Task Manager
    >>
    >> --
    >> Hope this helps. Let us know.
    >>
    >> Wes
    >> MS-MVP Windows Shell/User
    >>
    >> In news:%23mhAN5mjFHA.1444@TK2MSFTNGP10.phx.gbl,
    >> mgm <mgmombo@hotmail.com> hunted and pecked:
    >>> Amen to Scott and a big thank you to all you contributed.
    >>> If anyone can offer some added input after reviewing the logs, it would
    >>> be
    >>> greatly appreciated. Thanks..mgm
    >>>
    >>> I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
    >>> XP's latest and grestest patch/update software running behind a hardware
    >>> firewall (router) and STILL got the BulletProof mess.
    >>>
    >>> After checking my application event logs, I noted that the BPS mess
    >>> begins
    >>> executing at 4:15 AM everyday. Adaware and Spybot also auto execute in
    >>> the wee hrs. 2:15 and 3AM.
    >>> By checking the event log, I got BPS CLSID and found it in the registry.
    >>> With this ID I hope to let SpyBlaster block it from executing tomorrow
    >>> am.
    >>> Wesley Vogel requested some logs, so here they are. I hope they can
    >>> help others to clean up or, better yet, avoid the mess
    >>> Application event log:
    >>>>>>> Event Type: Warning
    >>> Event Source: MsiInstaller
    >>> Event Category: None
    >>> Event ID: 1004
    >>> Date: 7/21/2005
    >>> Time: 4:15:02 AM
    >>> User: XXXXX\Administrator
    >>> Computer: XXXXX
    >>> Description:
    >>> Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
    >>> 'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}'
    >>> failed. The resource 'C:\Program
    >>> Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.
    >>>
    >>> For more information, see Help and Support Center at
    >>> http://go.microsoft.com/fwlink/events.asp.
    >>>
    >>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
    >>> Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<
    >>>
    >>> Initial SpyBot run that "fixed" BulletProof" (removed)
    >>>>>>> BPS Spyware Remover: System file (File, fixed)
    >>> C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    >>>
    >>> BPS Spyware Remover: System file (File, fixed)
    >>> C:\Program
    >>> Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
    >>>
    >>> BPS Spyware Remover: Program directory (Directory, fixed)
    >>> C:\Program Files\BulletProofSoft.com\SpywareRemover\
    >>>
    >>> BPS Spyware Remover: Program group (Directory, fixed)
    >>> C:\Documents and Settings\All Users\Start
    >>> Menu\Programs\BulletProofSoft.com
    >>>
    >>> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
    >>>
    >>>
    >>
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    >>> rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    >>>
    >>> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
    >>>
    >>>
    >>
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
    >>> rogram
    >>>
    >>
    Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
    >>> <<<
    >>>
    >>> Initial Spybot Startup list (this and the initial scan was done from
    >>> SafeMode) I recognize all processes here.
    >>>>>>> Located: HK_LM:Run, ccApp
    >>> command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    >>> file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    >>> size: 58992
    >>> MD5: e5f9b0314442ea5816518c64b02f10a2
    >>>
    >>> Located: HK_LM:Run, DeviceDiscovery
    >>> command: C:\Program Files\Hewlett-Packard\Digital
    >>> Imaging\bin\hpotdd01.exe
    >>> file: C:\Program Files\Hewlett-Packard\Digital
    >>> Imaging\bin\hpotdd01.exe
    >>> size: 229437
    >>> MD5: 7eef9e578d2aa3d562d074bfdfe56825
    >>>
    >>> Located: HK_LM:Run, HP Component Manager
    >>> command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    >>> file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    >>> size: 241664
    >>> MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa
    >>>
    >>> Located: HK_LM:Run, HP Software Update
    >>> command: "C:\Program Files\Hewlett-Packard\HP Software
    >>> Update\HPWuSchd2.exe" file: C:\Program Files\Hewlett-Packard\HP
    >>> Software Update\HPWuSchd2.exe size: 49152
    >>> MD5: 6ad9dcb0257b10ea458165f70634dabc
    >>>
    >>> Located: HK_LM:Run, HPDJ Taskbar Utility
    >>> command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    >>> file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    >>> size: 188416
    >>> MD5: b25f66fdaa5a0389500c8a9e0433e5a5
    >>>
    >>> Located: HK_LM:Run, NeroFilterCheck
    >>> command: C:\WINDOWS\system32\NeroCheck.exe
    >>> file: C:\WINDOWS\system32\NeroCheck.exe
    >>> size: 155648
    >>> MD5: 3e4c03cefad8de135263236b61a49c90
    >>>
    >>> Located: HK_LM:Run, NvCplDaemon
    >>> command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    >>> file: C:\WINDOWS\system32\RUNDLL32.EXE
    >>> size: 33280
    >>> MD5: da285490bbd8a1d0ce6623577d5ba1ff
    >>>
    >>> Located: HK_LM:Run, nwiz
    >>> command: nwiz.exe /install
    >>> file: C:\WINDOWS\system32\nwiz.exe
    >>> size: 741376
    >>> MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72
    >>>
    >>> Located: HK_LM:Run, SoundMan
    >>> command: SOUNDMAN.EXE
    >>> file: C:\WINDOWS\SOUNDMAN.EXE
    >>> size: 77824
    >>> MD5: 6351b9d79370a6795921fa3c3950ded6
    >>>
    >>> Located: HK_LM:Run, Symantec NetDriver Monitor
    >>> command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    >>> file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    >>> size: 100056
    >>> MD5: f9418981ee4d7e995d359833adab59d5
    >>>
    >>> Located: HK_LM:Run, TkBellExe
    >>> command: "C:\Program Files\Common
    >>> iles\Real\Update_OB\realsched.exe" -osboot
    >>> file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    >>> size: 180269
    >>> MD5: b8e684df9a97497edd2f87444a6307fb
    >>>
    >>> Located: HK_CU:Run, ctfmon.exe
    >>> command: C:\WINDOWS\system32\ctfmon.exe
    >>> file: C:\WINDOWS\system32\ctfmon.exe
    >>> size: 15360
    >>> MD5: 24232996a38c0b0cf151c2140ae29fc8
    >>>
    >>> Located: Startup (common), Adobe Reader Speed Launch.lnk
    >>> command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    >>> file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    >>> size: 29696
    >>> MD5: deb88aef013dd1eefb462d7cad642166
    >>>
    >>> Located: Startup (common), ZoneAlarm Pro.lnk
    >>> command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    >>> file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    >>> size: 422984
    >>> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799
    >>>
    >>> Located: Startup (disabled), Acrobat Assistant (DISABLED)
    >>> command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    >>> file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
    >>> size: 217193
    >>> MD5: 78bfe3201ada2fe02d1e35d2488e5f55
    >>>
    >>> Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
    >>> command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    >>> file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    >>> size: 113664
    >>> MD5: c2ff17734176cd15221c10044ef0ba1a
    >>>
    >>> Located: Startup (disabled), Microsoft Office (DISABLED)
    >>> command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
    >>> file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
    >>> size: 83360
    >>> MD5: 5bc65464354a9fd3beaa28e18839734a
    >>>
    >>> Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
    >>> command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
    >>> file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
    >>> size: 422984
    >>> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
    >>> "Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in
    >>> message news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
    >>>> mgm:
    >>>>
    >>>> If I were you, I'd learn how to remove spyware, adware, virus, etc
    >>>> manually because not every one is going to be caught by every tool out
    >>>> there. Of course try to find a tool to remove it for you, but when
    >>>> that fails, there is only manual, especially if you want if off
    >>>> instead of waiting for a def update. After all there is always a lag
    >>>> time between release of a spyware/adware/virus/worm/etc and the tools
    >>>> ability to remove it. Use Ad-Aware, Spybot S&D, etc, but also make
    >>>> sure you know what is running on that machine and what might not
    >>>> belong. Blind trust in those companies to find everything out there
    >>>> is a HUGE mistake.
    >>>>
    >>>> To do this manually, you can use several tools. Most of them I've
    >>>> gotten
    >>>> from www.sysinternals.com (not associated, just like their tools).
    >>>> Here is a list of the ones I use:
    >>>>
    >>>> 1. Process Manager -- Task Manager replacement that shows alot more
    >>>> information (like what is running inside those svchost.exe's)
    >>>> 2. SigCheck -- Check to see what files in your Windows and
    >>>> Windows/System32 etc directories have no signitures or unverifiable
    >>>> signitures (WARNING: Some Microsoft files still do not have sigs so use
    >>>> tool to highlight possible hoax programs, but make sure you don't go
    >>>> deleting everything it finds)
    >>>> 3. AutoRuns -- You have probably used MSConfig. This is much more
    >>>> advanced and usful for finding that program and where it is starting
    >>>> from.
    >>>> 4. PortMon -- What ports on your machine are listening for connections
    >>>> and what programs they belong to.
    >>>>
    >>>> If you cannot find the program with these, then you have bigger
    >>>> problems.....
    >>>>
    >>>> Scott
    >>>>
    >>>> "mgm" <mgmombo@hotmail.com> wrote in message
    >>>> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
    >>>>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
    >>>>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new
    >>>>> folder on my desktop.
    >>>>>
    >>>>> Is anyone here familiar with BulletProof? Is this part of a Norton
    >>>>> suite? Do I have to be concerned about the security of my XP pro box?
Ask a new question

Read More

Bulletproof Security Norton Windows XP