Shoutbox

Spyware, Adware, etc. - Printable Version

Spyware, Adware, etc. by Professor Piggy on 02-22-2006 at 08:06 PM

I am very worried by this report.

Of course, before downloading anything, I check it out for viruses, etc.

An official report came back with Messenger Plus reported as being a red download (very dangerous).

I am posting this to ask the guy who created the program why the hell this is!

The report:
-----------------------------------------------------------------------------------------------------
Overall findings
In our tests, this download tried to change our Web browser search settings.

Nuisance Score 
After downloading and installing Messenger Plus! 3.61 - on a fresh Windows XP machine, we checked our computer for programs some people would consider adware, spyware, or other unwanted software. Messenger Plus! 3.61 - earned a nuisance score of 5.00 because of the changes we found.

How does it modify my system? 
(please note, I have added in some line breaks on codes following "hex:" so I don't stretch the board too much)
Messenger Plus! 3.61 - made the following modifications to the system registry:
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ple
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ple    @    "MsgPlus.Encrypted"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.plp
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.plp    @    "MsgPlus.SoundPack"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}    "0BA24F20"    "C408693AB308450773"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}\InprocServer32
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}\InprocServer32    @    "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\bindcash\\thirdtwo.exe"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}\InprocServer32    "ThreadingModel"    "Apartment"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted    @    "Encrypted Log File"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\DefaultIcon
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\DefaultIcon    @    "C:\\Program Files\\MessengerPlus! 3\\Resources\\MsgPlusRes.dll,-2781"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open\command
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open\command    @    "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /LOG:%1"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack    @    "Messenger Plus! Sound Pack"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\DefaultIcon
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\DefaultIcon    @    "C:\\Program Files\\MessengerPlus! 3\\Resources\\MsgPlusRes.dll,-8127"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open\command
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open\command    @    "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /SNDPACK:%1"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG    "Seed"    hex:4f,1d,60,fd,94,03,b7,4e,d4,a0,fb,a6,62,c4,3b,04,7b,4c,1b,85,7b,
c8,\99,5a,b4,2b,06,61,f4,35,d6,b0,8b,5e,aa,8a,e3,60,ea,b0,8a,a3,6e,34,b2,
b6,b3,\34,cf,93,5d,ec,ad,4b,5a,87,6d,de,bf,b1,a2,e4,06,c5,ca,19,7f,cb,ca,a4,
e8,a0,\18,cc,9d,11,fe,e9,00,af
REMOVE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main    "Search Page"    "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance    "Performance Refresh"    dword:00000000
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM    "C:\\WINDOWS\\system32\\advapi32.dll[MofResourceName]"    "LowDateTime:660848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM    "C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys[ACPIMOFResource]"    "LowDateTime:650848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM    "C:\\WINDOWS\\system32\\DRIVERS\\mssmbios.sys[MofResource]"    "LowDateTime:-1629086336,HighDateTime:29655115***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM    "C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys[PROCESSORWMI]"    "LowDateTime:2080848256,HighDateTime:29655114***Binary mof compiled successfully"
REMOVE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM    "C:\\WINDOWS\\system32\\DRIVERS\\pcntpci5.sys[NdisMofResource]"    "LowDateTime:863039744,HighDateTime:29435636***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM    "C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys[IPNATMofResource]"    "LowDateTime:-1061007232,HighDateTime:29664841***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM    "C:\\WINDOWS\\System32\\Drivers\\HTTP.sys[UlMofResource]"    "LowDateTime:1643546752,HighDateTime:29666663***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE    "C:\\WINDOWS\\system32\\advapi32.dll[MofResourceName]"    "LowDateTime:660848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE    "C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys[ACPIMOFResource]"    "LowDateTime:650848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE    "C:\\WINDOWS\\system32\\DRIVERS\\mssmbios.sys[MofResource]"    "LowDateTime:-1629086336,HighDateTime:29655115***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE    "C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys[PROCESSORWMI]"    "LowDateTime:2080848256,HighDateTime:29655114***Binary mof compiled successfully"
REMOVE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE    "C:\\WINDOWS\\system32\\DRIVERS\\pcntpci5.sys[NdisMofResource]"    "LowDateTime:863039744,HighDateTime:29435636***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE    "C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys[IPNATMofResource]"    "LowDateTime:-1061007232,HighDateTime:29664841***Binary mof compiled successfully"
CHANGE    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE    "C:\\WINDOWS\\System32\\Drivers\\HTTP.sys[UlMofResource]"    "LowDateTime:1643546752,HighDateTime:29666663***Binary mof compiled successfully"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "Active"    dword:00000001
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriptionID"    "{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriptionName"    "Messenger ISensLogon Subscription"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "EventClassID"    "{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "PerUser"    dword:ffffffff
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "OwnerSID"    "S-1-5-21-1202660629-1637723038-725345543-1004"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "Enabled"    dword:ffffffff
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "InterfaceID"    "{D597BAB3-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "EventClassPartitionID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "EventClassApplicationID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriberPartitionID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriberApplicationID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "Active"    dword:00000001
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriptionID"    "{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriptionName"    "Messenger ISensNetwork Subscription"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "EventClassID"    "{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "PerUser"    dword:ffffffff
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "OwnerSID"    "S-1-5-21-1202660629-1637723038-725345543-1004"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "Enabled"    dword:ffffffff
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "InterfaceID"    "{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "EventClassPartitionID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "EventClassApplicationID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriberPartitionID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}    "SubscriberApplicationID"    "{00000000-0000-0000-0000-000000000000}"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}\SubscriberProperties
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}\SubscriberProperties    "ulConnectionMadeTypeNoQOC"    hex:13,00,00,00,07,00,00,00
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\Policies
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run    "MessengerPlus3"    "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run    "Load Body Spam Glue"    "C:\\Documents and Settings\\All Users\\Application Data\\Cdrom Bore Load Body\\Hope Real.exe"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin    "DisplayName"    "Messenger Plus! 3"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin    "UninstallString"    "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /Remove"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin    "DisplayIcon"    "C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe,2"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin    "SponsorInstalled"    dword:00000001
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "BinDir"    "C:\\Program Files\\MessengerPlus! 3"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "LocalizationDir"    "C:\\Program Files\\MessengerPlus! 3\\Resources"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "PluginDir"    "C:\\Program Files\\MessengerPlus! 3\\Plugins"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "FileNameDll"    "MsgPlusH.dll"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "FileNameExe"    "MsgPlus.exe"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "FileNameLoader"    "MsgPlusLoader.dll"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "SoftwareBuild"    dword:00000c49
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "DefLanguageFile"    "DefaultLg.dat"
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2    "InstallTime"    dword:43ae0163
ADD    HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2\RegisteredPlugins
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers    "LogonTime"    hex:9a,df,19,5c,f9,08,c6,01
ADD    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers
ADD    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers    "DefaultSpoolDirectory"    "C:\\WINDOWS\\System32\\spool\\PRINTERS"
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT    "EventMessageFile"    hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,\53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT    "CategoryMessageFile"    hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\00,53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum    "Count"    dword:00000001
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum    "NextInstance"    dword:00000001
ADD    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum    "0"    "SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT    "EventMessageFile"    hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,\53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT    "CategoryMessageFile"    hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\00,53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum    "Count"    dword:00000001
CHANGE    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum    "NextInstance"    dword:00000001
ADD    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum    "0"    "SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
CHANGE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main    "Start Page"    "http://www.qrfdbjprkpksofuegmogutsy.com/L2vfDAwTXLvIM1UXTQuH8_4o/BMY8LVD452f3BolXO8.jsp"
REMOVE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main    "Search Page"    "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
CHANGE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main    "AutoSearch"    dword:00000000
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main    "Search Bar"    "http://www.trfidqhdqqyfxtfnxdse.com/L2vfDAwTXLur4PSka_ebQ4RuVTQfDOymbLojVWKjoFEzXY0F4iLyiOQztidGcuy3.html"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main    "Use Custom Search URL"    dword:00000001
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main    "Use Search Asst"    "no"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow    "lop.com"    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow    "www.lop.com"    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow    "mysearchnow.com"    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow    "www.mysearchnow.com"    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\MessengerService    "FirstTimeUser"    dword:00000000
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\MessengerService    "UsedGroupsView"    dword:00000001
REMOVE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
REMOVE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
REMOVE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum    "Implementing"    hex:1c,00,00,00,01,00,00,00,d5,07,0c,00,00,00,19,00,02,00,11,00,\0b,00,d4,
01,01,00,00,00,25,8c,5c,4d,75,d0,d0,11,b4,16,00,c0,4f,b9,03,76
REMOVE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites
REMOVE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
CHANGE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections    "SavedLegacySettings"    hex:3c,00,00,00,4e,00,00,00,01,00,00,00,00,00,00,00,00,\00,00,00,00,00,00,
00,04,00,00,00,00,00,00,00,60,60,3a,8b,31,45,c5,01,01,00,\00,00,c0,a8,a5,
83,00,00,00,00,00,00,00,00
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run    "MSMSGS"    "\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run    "anteplay"    "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\SIZEBL~1\\Web This.exe"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache    "y:\\disk0\\program_test\\programs\\97193\\38847\\71532\\MsgPlus-354.exe"    "Setup of Messenger Plus!"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache    "C:\\DOCUME~1\\JAMESS~1\\LOCALS~1\\Temp\\MPlusSetup.exe"    "Setup of Messenger Plus!"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache    "C:\\Program Files\\Messenger\\msmsgs.exe"    "Windows Messenger"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache    "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\SIZEBL~1\\mbdaeetb.exe"    "mbdaeetb"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache    "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\SIZEBL~1\\road plan aim.exe"    "road plan aim"
CHANGE    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\SessionInformation    "ProgramCount"    dword:00000002
ADD    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
ADD    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers    "DefaultSpoolDirectory"    "C:\\WINDOWS\\System32\\spool\\PRINTERS"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default    @    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default    @    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default    @    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default    @    ""
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\bitslinktitlewma
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\bitslinktitlewma\activedelete
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\ownsfilehold
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\ownsfilehold    "1byte"    hex:(binary data omitted)
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2    "LanguageFile"    "DefaultLg.dat"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2    "DefaultConfiguration"    "Nobody"
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2    "SoftwareState"    dword:00000001
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Classes\CLSID
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Classes\CLSID\{1437DCF3-ABB5-1D8E-52A4-8C636AB15E7E}
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004_Classes\CLSID
ADD    HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004_Classes\CLSID\{1437DCF3-ABB5-1D8E-52A4-8C636AB15E7E}

Messenger Plus! 3.61 - also made the following modifications to the hard drive:
c:\documents and settings\all users\application data\cdrom bore load body\hope real.exe
c:\documents and settings\all users\application data\cdrom bore load body\modethateq
c:\documents and settings\owner\application data\bindcash\thirdtwo.exe
c:\documents and settings\owner\application data\sizeblehface\815f995d
c:\documents and settings\owner\application data\sizeblehface\listdrawtonsbone.exe
c:\documents and settings\owner\application data\sizeblehface\mbdaeetb.exe
c:\documents and settings\owner\application data\sizeblehface\road plan aim.exe
c:\documents and settings\owner\application data\sizeblehface\web this.exe
c:\documents and settings\owner\cookies\james sanchez@ayb.lop[1].txt
c:\documents and settings\owner\cookies\james sanchez@lop[1].txt
c:\documents and settings\owner\local settings\temp\bis3.exe
c:\documents and settings\owner\local settings\temp\reg63928.tmp
c:\documents and settings\owner\local settings\temp\reg63929.tmp
c:\documents and settings\owner\local settings\temporary internet files\content.ie5\qji5cror\setupend[1].htm
c:\program files\adverts\uninst.exe
c:\program files\messengerplus! 3\detoured.dll
c:\program files\messengerplus! 3\lame_enc.dll
c:\program files\messengerplus! 3\libsndfile.dll
c:\program files\messengerplus! 3\msgplus.exe
c:\program files\messengerplus! 3\msgplush.dll
c:\program files\messengerplus! 3\msgplusloader.dll
c:\program files\messengerplus! 3\readme.txt
c:\program files\messengerplus! 3\richedhook.dll
c:\program files\messengerplus! 3\setup.dat
c:\program files\messengerplus! 3\plugins\developers.txt
c:\program files\messengerplus! 3\resources\defaultlg.dat
c:\program files\messengerplus! 3\resources\lang_arabic.ini
c:\program files\messengerplus! 3\resources\lang_catala.ini
c:\program files\messengerplus! 3\resources\lang_chinese simplified.ini
c:\program files\messengerplus! 3\resources\lang_chinese traditional.ini
c:\program files\messengerplus! 3\resources\lang_dansk.ini
c:\program files\messengerplus! 3\resources\lang_deutsch.ini
c:\program files\messengerplus! 3\resources\lang_espanol (espana).ini
c:\program files\messengerplus! 3\resources\lang_espanol (latino).ini
c:\program files\messengerplus! 3\resources\lang_estonian.ini
c:\program files\messengerplus! 3\resources\lang_francais.ini
c:\program files\messengerplus! 3\resources\lang_hellenic.ini
c:\program files\messengerplus! 3\resources\lang_italiano.ini
c:\program files\messengerplus! 3\resources\lang_japanese.ini
c:\program files\messengerplus! 3\resources\lang_korean.ini
c:\program files\messengerplus! 3\resources\lang_magyar.ini
c:\program files\messengerplus! 3\resources\lang_nederlands.ini
c:\program files\messengerplus! 3\resources\lang_portugues.ini
c:\program files\messengerplus! 3\resources\lang_suomeksi.ini
c:\program files\messengerplus! 3\resources\lang_svenska.ini
c:\program files\messengerplus! 3\resources\lang_thai.ini
c:\program files\messengerplus! 3\resources\lang_turkce.ini
c:\program files\messengerplus! 3\resources\msgplusres.dll
c:\windows\prefetch\bis3.exe-0fec4f19.pf
c:\windows\prefetch\hopere~1.exe-1d7b4a69.pf
c:\windows\prefetch\mbdaeetb.exe-0f820e79.pf
c:\windows\prefetch\msgplus.exe-1f40e706.pf
c:\windows\prefetch\msmsgs.exe-2b6052de.pf
c:\windows\prefetch\road plan aim.exe-08a5d5e5.pf
c:\windows\prefetch\uninst.exe-29e1cd4d.pf
c:\windows\prefetch\wmiadap.exe-2df425b2.pf
c:\windows\softwaredistribution\datastore\logs\tmp.edb
c:\windows\tasks\a5b85d559183d7b1.job

Network activity
During Messenger Plus! 3.61 -'s installation and subsequent run, the following network servers were contacted. 

Other information 
Title
Messenger Plus! 3.61

URL of the download publisher: http://www.msnmonkey.co.uk/Downloads.php

URL of the download:
http://download.msgplus.net/files/MsgPlus-354.exe

Full checksum (MD5)
2322f0d1b4a88145d79d55ce4966a05c

Program ID
135454

Last tested this download
2005-12-24 21:27:40


RE: Spyware, Adware, etc. by user27089 on 02-22-2006 at 08:08 PM

Don't worry, Messenger Plus! is 100% safe.

The only issue you would have is if you installed the optional sponsor program :).


RE: Spyware, Adware, etc. by No Leg Joe on 02-22-2006 at 08:19 PM

Although it looks scary, I'm sure all of that is intended and/or is completely safe!


RE: Spyware, Adware, etc. by Kafman on 02-22-2006 at 08:19 PM

And by the way, it only installs adware, not spyware, not harmful to your system :)

And as traxor says:

quote:
Originally posted by traxor
The only issue you would have is if you installed the optional sponsor program :)

RE: Spyware, Adware, etc. by Professor Piggy on 02-22-2006 at 08:39 PM

Well I am very worried as to why the extra option contains all that!


RE: Spyware, Adware, etc. by Ghost_Stalker on 02-22-2006 at 08:40 PM

If you got Plus from the official site, then you have nothing to fear. Also, there are some programs that see Plus as a bad thing, when in reality... it's not!


RE: Spyware, Adware, etc. by absorbation on 02-22-2006 at 08:42 PM

quote:
Originally posted by Ghost_Stalker
If you got Plus from the official site, then you have nothing to fear. Also, there are some programs that see Plus as a bad thing, when in reality... it's not!

true :P

http://www.msnmonkey.co.uk/Downloads.php is where you got it, but I know and trust the admin, he's a nice guy. But that version is outdated.


RE: Spyware, Adware, etc. by Professor Piggy on 02-22-2006 at 08:53 PM

Well on the date it was checked, that was the download link, but I trust from what you said it is OK.

I have directed the guys who wrote the report (I can't say who it is, obvious reasons) to this thread and requested they rescan a newer version.


RE: Spyware, Adware, etc. by Patchou on 02-22-2006 at 09:24 PM

Many of the things that are included from this report come from the sponsor optionally distributed with Messenger Plus! and not Messenger Plus! itself, there's a big difference. The two programs are completely separate, Messenger Plus! will never contact any other server than msgplus.net for things like its auto-update once a week.