Spyware, Adware, etc. - Printable Version
Spyware, Adware, etc. by Professor Piggy on 02-22-2006 at 08:06 PM
I am very worried by this report.
Of course, before downloading anything, I check it out for viruses, etc.
An official report came back with Messenger Plus reported as being a red download (very dangerous).
I am posting this to ask the guy who created the program why the hell this is!
The report:
-----------------------------------------------------------------------------------------------------
Overall findings
In our tests, this download tried to change our Web browser search settings.
Nuisance Score
After downloading and installing Messenger Plus! 3.61 - on a fresh Windows XP machine, we checked our computer for programs some people would consider adware, spyware, or other unwanted software. Messenger Plus! 3.61 - earned a nuisance score of 5.00 because of the changes we found.
How does it modify my system?
(please note, I have added in some line breaks on codes following "hex:" so I don't stretch the board too much)
Messenger Plus! 3.61 - made the following modifications to the system registry:
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ple
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ple @ "MsgPlus.Encrypted"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.plp
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.plp @ "MsgPlus.SoundPack"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663} "0BA24F20" "C408693AB308450773"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}\InprocServer32
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}\InprocServer32 @ "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\bindcash\\thirdtwo.exe"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}\InprocServer32 "ThreadingModel" "Apartment"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted @ "Encrypted Log File"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\DefaultIcon
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\DefaultIcon @ "C:\\Program Files\\MessengerPlus! 3\\Resources\\MsgPlusRes.dll,-2781"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open\command
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open\command @ "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /LOG:%1"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack @ "Messenger Plus! Sound Pack"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\DefaultIcon
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\DefaultIcon @ "C:\\Program Files\\MessengerPlus! 3\\Resources\\MsgPlusRes.dll,-8127"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open\command
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open\command @ "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /SNDPACK:%1"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed" hex:4f,1d,60,fd,94,03,b7,4e,d4,a0,fb,a6,62,c4,3b,04,7b,4c,1b,85,7b,
c8,\99,5a,b4,2b,06,61,f4,35,d6,b0,8b,5e,aa,8a,e3,60,ea,b0,8a,a3,6e,34,b2,
b6,b3,\34,cf,93,5d,ec,ad,4b,5a,87,6d,de,bf,b1,a2,e4,06,c5,ca,19,7f,cb,ca,a4,
e8,a0,\18,cc,9d,11,fe,e9,00,af
REMOVE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Search Page" "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance "Performance Refresh" dword:00000000
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM "C:\\WINDOWS\\system32\\advapi32.dll[MofResourceName]" "LowDateTime:660848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM "C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys[ACPIMOFResource]" "LowDateTime:650848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM "C:\\WINDOWS\\system32\\DRIVERS\\mssmbios.sys[MofResource]" "LowDateTime:-1629086336,HighDateTime:29655115***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM "C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys[PROCESSORWMI]" "LowDateTime:2080848256,HighDateTime:29655114***Binary mof compiled successfully"
REMOVE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM "C:\\WINDOWS\\system32\\DRIVERS\\pcntpci5.sys[NdisMofResource]" "LowDateTime:863039744,HighDateTime:29435636***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM "C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys[IPNATMofResource]" "LowDateTime:-1061007232,HighDateTime:29664841***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM "C:\\WINDOWS\\System32\\Drivers\\HTTP.sys[UlMofResource]" "LowDateTime:1643546752,HighDateTime:29666663***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE "C:\\WINDOWS\\system32\\advapi32.dll[MofResourceName]" "LowDateTime:660848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE "C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys[ACPIMOFResource]" "LowDateTime:650848256,HighDateTime:29655114***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE "C:\\WINDOWS\\system32\\DRIVERS\\mssmbios.sys[MofResource]" "LowDateTime:-1629086336,HighDateTime:29655115***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE "C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys[PROCESSORWMI]" "LowDateTime:2080848256,HighDateTime:29655114***Binary mof compiled successfully"
REMOVE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE "C:\\WINDOWS\\system32\\DRIVERS\\pcntpci5.sys[NdisMofResource]" "LowDateTime:863039744,HighDateTime:29435636***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE "C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys[IPNATMofResource]" "LowDateTime:-1061007232,HighDateTime:29664841***Binary mof compiled successfully"
CHANGE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE "C:\\WINDOWS\\System32\\Drivers\\HTTP.sys[UlMofResource]" "LowDateTime:1643546752,HighDateTime:29666663***Binary mof compiled successfully"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "Active" dword:00000001
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriptionID" "{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriptionName" "Messenger ISensLogon Subscription"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "EventClassID" "{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "PerUser" dword:ffffffff
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "OwnerSID" "S-1-5-21-1202660629-1637723038-725345543-1004"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "Enabled" dword:ffffffff
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "InterfaceID" "{D597BAB3-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "EventClassPartitionID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "EventClassApplicationID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriberPartitionID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0BE1837B-DF4D-42A9-A220-DF11CBBF9967}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriberApplicationID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "Active" dword:00000001
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriptionID" "{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriptionName" "Messenger ISensNetwork Subscription"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "EventClassID" "{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "PerUser" dword:ffffffff
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "OwnerSID" "S-1-5-21-1202660629-1637723038-725345543-1004"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "Enabled" dword:ffffffff
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "InterfaceID" "{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "EventClassPartitionID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "EventClassApplicationID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriberPartitionID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} "SubscriberApplicationID" "{00000000-0000-0000-0000-000000000000}"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}\SubscriberProperties
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{B6685BC1-E1B8-42A5-9D29-BC7E7F4E0A0E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}\SubscriberProperties "ulConnectionMadeTypeNoQOC" hex:13,00,00,00,07,00,00,00
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\Policies
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MessengerPlus3" "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Load Body Spam Glue" "C:\\Documents and Settings\\All Users\\Application Data\\Cdrom Bore Load Body\\Hope Real.exe"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AD5E2AD-00FE-4416-6D8B-2F4C102E8663}
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin "DisplayName" "Messenger Plus! 3"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin "UninstallString" "\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /Remove"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin "DisplayIcon" "C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe,2"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin "SponsorInstalled" dword:00000001
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "BinDir" "C:\\Program Files\\MessengerPlus! 3"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "LocalizationDir" "C:\\Program Files\\MessengerPlus! 3\\Resources"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "PluginDir" "C:\\Program Files\\MessengerPlus! 3\\Plugins"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "FileNameDll" "MsgPlusH.dll"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "FileNameExe" "MsgPlus.exe"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "FileNameLoader" "MsgPlusLoader.dll"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "SoftwareBuild" dword:00000c49
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "DefLanguageFile" "DefaultLg.dat"
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 "InstallTime" dword:43ae0163
ADD HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2\RegisteredPlugins
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers "LogonTime" hex:9a,df,19,5c,f9,08,c6,01
ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers
ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers "DefaultSpoolDirectory" "C:\\WINDOWS\\System32\\spool\\PRINTERS"
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT "EventMessageFile" hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,\53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT "CategoryMessageFile" hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\00,53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum "Count" dword:00000001
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum "NextInstance" dword:00000001
ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum "0" "SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT "EventMessageFile" hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,\53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT "CategoryMessageFile" hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\00,53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "Count" dword:00000001
CHANGE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "NextInstance" dword:00000001
ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "0" "SW\\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
CHANGE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main "Start Page" "http://www.qrfdbjprkpksofuegmogutsy.com/L2vfDAwTXLvIM1UXTQuH8_4o/BMY8LVD452f3BolXO8.jsp"
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main "Search Page" "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
CHANGE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main "AutoSearch" dword:00000000
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main "Search Bar" "http://www.trfidqhdqqyfxtfnxdse.com/L2vfDAwTXLur4PSka_ebQ4RuVTQfDOymbLojVWKjoFEzXY0F4iLyiOQztidGcuy3.html"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main "Use Custom Search URL" dword:00000001
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Main "Use Search Asst" "no"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow "lop.com" ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow "www.lop.com" ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow "mysearchnow.com" ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\New Windows\Allow "www.mysearchnow.com" ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\MessengerService "FirstTimeUser" dword:00000000
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\MessengerService "UsedGroupsView" dword:00000001
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum "Implementing" hex:1c,00,00,00,01,00,00,00,d5,07,0c,00,00,00,19,00,02,00,11,00,\0b,00,bb,
00,05,00,00,00,01,24,d0,30,81,6a,d0,11,82,74,00,c0,4f,d5,ae,38,f3,\31,ee,c4,
68,47,d2,11,be,5c,00,a0,c9,a8,3d,a1,61,4e,a2,ef,78,b0,d0,11,89,e4,\00,c0,4f,
c9,e2,6e,62,4e,a2,ef,78,b0,d0,11,89,e4,00,c0,4f,c9,e2,6e,64,4e,a2,\ef,78,b0,
d0,11,89,e4,00,c0,4f,c9,e2,6e
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum "Implementing" hex:1c,00,00,00,01,00,00,00,d5,07,0c,00,00,00,19,00,02,00,11,00,\0b,00,d4,
01,01,00,00,00,25,8c,5c,4d,75,d0,d0,11,b4,16,00,c0,4f,b9,03,76
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites "Order"
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
REMOVE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links "Order"
CHANGE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings" hex:3c,00,00,00,4e,00,00,00,01,00,00,00,00,00,00,00,00,\00,00,00,00,00,00,
00,04,00,00,00,00,00,00,00,60,60,3a,8b,31,45,c5,01,01,00,\00,00,c0,a8,a5,
83,00,00,00,00,00,00,00,00
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run "MSMSGS" "\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run "anteplay" "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\SIZEBL~1\\Web This.exe"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache "y:\\disk0\\program_test\\programs\\97193\\38847\\71532\\MsgPlus-354.exe" "Setup of Messenger Plus!"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\\DOCUME~1\\JAMESS~1\\LOCALS~1\\Temp\\MPlusSetup.exe" "Setup of Messenger Plus!"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\\Program Files\\Messenger\\msmsgs.exe" "Windows Messenger"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\SIZEBL~1\\mbdaeetb.exe" "mbdaeetb"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\\DOCUME~1\\JAMESS~1\\APPLIC~1\\SIZEBL~1\\road plan aim.exe" "road plan aim"
CHANGE HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\SessionInformation "ProgramCount" dword:00000002
ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers "DefaultSpoolDirectory" "C:\\WINDOWS\\System32\\spool\\PRINTERS"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default @ ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default @ ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default @ ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default @ ""
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\bitslinktitlewma
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\bitslinktitlewma "Blue Okay"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\bitslinktitlewma\activedelete
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\ownsfilehold
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\ownsfilehold "1byte"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2 "LanguageFile" "DefaultLg.dat"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2 "DefaultConfiguration" "Nobody"
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Patchou\MsgPlus2 "SoftwareState" dword:00000001
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Classes\CLSID
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004\Software\Classes\CLSID\{1437DCF3-ABB5-1D8E-52A4-8C636AB15E7E}
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004_Classes\CLSID
ADD HKEY_USERS\S-1-5-21-1202660629-1637723038-725345543-1004_Classes\CLSID\{1437DCF3-ABB5-1D8E-52A4-8C636AB15E7E}
Messenger Plus! 3.61 - also made the following modifications to the hard drive:
c:\documents and settings\all users\application data\cdrom bore load body\hope real.exe
c:\documents and settings\all users\application data\cdrom bore load body\modethateq
c:\documents and settings\owner\application data\bindcash\thirdtwo.exe
c:\documents and settings\owner\application data\sizeblehface\815f995d
c:\documents and settings\owner\application data\sizeblehface\listdrawtonsbone.exe
c:\documents and settings\owner\application data\sizeblehface\mbdaeetb.exe
c:\documents and settings\owner\application data\sizeblehface\road plan aim.exe
c:\documents and settings\owner\application data\sizeblehface\web this.exe
c:\documents and settings\owner\cookies\james sanchez@ayb.lop[1].txt
c:\documents and settings\owner\cookies\james sanchez@lop[1].txt
c:\documents and settings\owner\local settings\temp\bis3.exe
c:\documents and settings\owner\local settings\temp\reg63928.tmp
c:\documents and settings\owner\local settings\temp\reg63929.tmp
c:\documents and settings\owner\local settings\temporary internet files\content.ie5\qji5cror\setupend[1].htm
c:\program files\adverts\uninst.exe
c:\program files\messengerplus! 3\detoured.dll
c:\program files\messengerplus! 3\lame_enc.dll
c:\program files\messengerplus! 3\libsndfile.dll
c:\program files\messengerplus! 3\msgplus.exe
c:\program files\messengerplus! 3\msgplush.dll
c:\program files\messengerplus! 3\msgplusloader.dll
c:\program files\messengerplus! 3\readme.txt
c:\program files\messengerplus! 3\richedhook.dll
c:\program files\messengerplus! 3\setup.dat
c:\program files\messengerplus! 3\plugins\developers.txt
c:\program files\messengerplus! 3\resources\defaultlg.dat
c:\program files\messengerplus! 3\resources\lang_arabic.ini
c:\program files\messengerplus! 3\resources\lang_catala.ini
c:\program files\messengerplus! 3\resources\lang_chinese simplified.ini
c:\program files\messengerplus! 3\resources\lang_chinese traditional.ini
c:\program files\messengerplus! 3\resources\lang_dansk.ini
c:\program files\messengerplus! 3\resources\lang_deutsch.ini
c:\program files\messengerplus! 3\resources\lang_espanol (espana).ini
c:\program files\messengerplus! 3\resources\lang_espanol (latino).ini
c:\program files\messengerplus! 3\resources\lang_estonian.ini
c:\program files\messengerplus! 3\resources\lang_francais.ini
c:\program files\messengerplus! 3\resources\lang_hellenic.ini
c:\program files\messengerplus! 3\resources\lang_italiano.ini
c:\program files\messengerplus! 3\resources\lang_japanese.ini
c:\program files\messengerplus! 3\resources\lang_korean.ini
c:\program files\messengerplus! 3\resources\lang_magyar.ini
c:\program files\messengerplus! 3\resources\lang_nederlands.ini
c:\program files\messengerplus! 3\resources\lang_portugues.ini
c:\program files\messengerplus! 3\resources\lang_suomeksi.ini
c:\program files\messengerplus! 3\resources\lang_svenska.ini
c:\program files\messengerplus! 3\resources\lang_thai.ini
c:\program files\messengerplus! 3\resources\lang_turkce.ini
c:\program files\messengerplus! 3\resources\msgplusres.dll
c:\windows\prefetch\bis3.exe-0fec4f19.pf
c:\windows\prefetch\hopere~1.exe-1d7b4a69.pf
c:\windows\prefetch\mbdaeetb.exe-0f820e79.pf
c:\windows\prefetch\msgplus.exe-1f40e706.pf
c:\windows\prefetch\msmsgs.exe-2b6052de.pf
c:\windows\prefetch\road plan aim.exe-08a5d5e5.pf
c:\windows\prefetch\uninst.exe-29e1cd4d.pf
c:\windows\prefetch\wmiadap.exe-2df425b2.pf
c:\windows\softwaredistribution\datastore\logs\tmp.edb
c:\windows\tasks\a5b85d559183d7b1.job
Network activity
During Messenger Plus! 3.61 -'s installation and subsequent run, the following network servers were contacted.
Other information
Title
Messenger Plus! 3.61
URL of the download publisher: http://www.msnmonkey.co.uk/Downloads.php
URL of the download:
http://download.msgplus.net/files/MsgPlus-354.exe
Full checksum (MD5)
2322f0d1b4a88145d79d55ce4966a05c
Program ID
135454
Last tested this download
2005-12-24 21:27:40
RE: Spyware, Adware, etc. by user27089 on 02-22-2006 at 08:08 PM
Don't worry, Messenger Plus! is 100% safe.
The only issue you would have is if you installed the optional sponsor program.
RE: Spyware, Adware, etc. by No Leg Joe on 02-22-2006 at 08:19 PM
Although it looks scary, I'm sure all of that is intended and/or is completely safe!
RE: Spyware, Adware, etc. by Kafman on 02-22-2006 at 08:19 PM
And by the way, it only installs adware, not spyware, not harmful to your system.
And as traxor says:
quote: Originally posted by traxor
The only issue you would have is if you installed the optional sponsor program.
RE: Spyware, Adware, etc. by Professor Piggy on 02-22-2006 at 08:39 PM
Well I am very worried as to why the extra option contains all that!
RE: Spyware, Adware, etc. by Ghost_Stalker on 02-22-2006 at 08:40 PM
If you got Plus from the official site, then you have nothing to fear. Also, there are some programs that see Plus as a bad thing, when in reality... it's not!
RE: Spyware, Adware, etc. by absorbation on 02-22-2006 at 08:42 PM
quote: Originally posted by Ghost_Stalker
If you got Plus from the official site, then you have nothing to fear. Also, there are some programs that see Plus as a bad thing, when in reality... it's not!
true
http://www.msnmonkey.co.uk/Downloads.php is where you got it, but I know and trust the admin, he's a nice guy. But that version is outdated.
RE: Spyware, Adware, etc. by Professor Piggy on 02-22-2006 at 08:53 PM
Well on the date it was checked, that was the download link, but I trust from what you said it is OK.
I have directed the guys who wrote the report (I can't say who it is, obvious reasons) to this thread and requested they rescan a newer version.
RE: Spyware, Adware, etc. by Patchou on 02-22-2006 at 09:24 PM
Many of the things that are included from this report come from the sponsor optionally distributed with Messenger Plus! and not Messenger Plus! itself, there's a big difference. The two programs are completely separate, Messenger Plus! will never contact any other server than msgplus.net for things like its auto-update once a week.
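A triage of the report's hard-drive list, as an added example that is not part of the thread or of Messenger Plus!: it groups a subset of the paths copied from the report by where they were written, so the program's own install directory can be read apart from executables placed in Application Data or Temp and from the scheduled task. The bucket names, the extension set and the directory markers are assumptions chosen for this illustration.

```python
import ntpath
from collections import defaultdict

# Subset of the paths listed under "modifications to the hard drive" in the report above.
REPORT_PATHS = r"""
c:\documents and settings\all users\application data\cdrom bore load body\hope real.exe
c:\documents and settings\owner\application data\bindcash\thirdtwo.exe
c:\documents and settings\owner\local settings\temp\bis3.exe
c:\documents and settings\owner\local settings\temp\reg63928.tmp
c:\program files\adverts\uninst.exe
c:\program files\messengerplus! 3\msgplus.exe
c:\program files\messengerplus! 3\detoured.dll
c:\program files\messengerplus! 3\resources\lang_dansk.ini
c:\windows\prefetch\msgplus.exe-1f40e706.pf
c:\windows\tasks\a5b85d559183d7b1.job
""".strip().splitlines()

INSTALL_DIR = r"c:\program files\messengerplus! 3"  # install directory as it appears in the report
EXECUTABLE_EXT = {".exe", ".dll"}                   # assumption: file types worth a second look
APPDATA_OR_TEMP = (r"\application data", r"\local settings\temp")  # assumption: drop locations

def classify(path, install_dir=INSTALL_DIR):
    """Return a bucket name for one reported path (bucket names are hypothetical)."""
    p = ntpath.normpath(path.strip().lower())
    ext = ntpath.splitext(p)[1]
    if p == install_dir or p.startswith(install_dir + "\\"):  # match on a directory boundary
        return "install-dir"
    if p.startswith(r"c:\windows\prefetch" + "\\"):
        return "os-side-effect"  # Prefetch entries are written by Windows when a program runs
    if p.startswith(r"c:\windows\tasks" + "\\") and ext == ".job":
        return "scheduled-task"
    if ext in EXECUTABLE_EXT and any(marker in p for marker in APPDATA_OR_TEMP):
        return "exe-in-appdata-or-temp"
    if ext in EXECUTABLE_EXT:
        return "exe-outside-install-dir"
    return "other"

def triage(paths):
    buckets = defaultdict(list)
    for line in paths:
        if line.strip():
            buckets[classify(line)].append(line.strip())
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in sorted(triage(REPORT_PATHS).items()):
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

The buckets only sort entries by location; deciding which component wrote a given file still needs the installer's own manifest or a second install with the optional component declined.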