Removed: facemoods.dll, facemoodssrv.exe, facemoodsTlbr.dll, MessengerAssist.exe (adware MarketScore)

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!



Malware: SetupMessengerAssist.exe

Removed: C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll
C:\Program Files\Messenger Assist\MessengerAssist.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: {64182481-4F71-486b-A045-B233BD0DA8FC}
Author: facemoods.com BHO
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\BH\FACEMOODS.DLL
Type: Browser Helper Objects

Item Name: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
Author: facemoods.com
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\FACEMOODSTLBR.DLL
Type: Toolbars

Item Name: facemoods
Author: facemoods.com
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\FACEMOODSSRV.EXE
Type: Registry Run

Item Name: Messenger Assist.lnk
Author: BookmarkSoft
Related File: C:\PROGRAM FILES\MESSENGER ASSIST\MESSENGERASSIST.EXE
Type: Common Startup Folder

Item Name: MessengerAssist.exe
Author:
Related File: C:\PROGRAM FILES\MESSENGER ASSIST\MESSENGERASSIST.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\facemoods
Value: ""C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe" /md I"

Folders:
C:\Documents and Settings\Administrator\Application Data\facemoods.com
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist
C:\Program Files\facemoods.com\facemoods
C:\Program Files\Messenger Assist

Files:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Messenger Assist.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Messenger Assist on the Web.url
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Messenger Assist.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Uninstall.lnk
C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.crx
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.png
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsApp.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsEng.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll
C:\Program Files\Messenger Assist\facemoods.exe
C:\Program Files\Messenger Assist\InternalUtils.dll
C:\Program Files\Messenger Assist\Interop.iTunesLib.dll
C:\Program Files\Messenger Assist\MessengerAssist.exe

—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.16160.0   2010.10.25    Gen:Adware.Heur.qq1@R8TEFdhi
Kaspersky   7.0.0.125     2010.10.25    -
Microsoft   1.6301        2010.10.24    -
NOD32       5560          2010.10.24    Win32/Adware.MarketScore.A

—————————————————————————————————————————-

MD5 8b619ceff228486a661158e448598fb5

SHA1 907f3ef94ba09be7de0e9336db8f95552e607416

SHA256 0e858b47025a2ff4be970c9ebaa676b46ae20b39903eb153eb912677f7c8c6cc

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added: 209
———————————-

———————————-
Values added: 250
———————————-
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\: “IescrtBtn”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\TypeLib\: “{12A5F606-B1EC-474C-83ED-95E99FD8058E}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\ProxyStubClsid32\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\: “IEvntCntr”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\: “escort 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe\2″
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\: “facemoodsCmn 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\: “escorTlbr 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\: “esrv 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsEng.dll”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\: “escortEng 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsApp.dll”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\: “escortApp 1.0 Type Library”
HKLM\Software\Classes\escort.escortIEPane\CurVer\: “escort.escortIEPane.1″
HKLM\Software\Classes\escort.escortIEPane\CLSID\: “{929801A8-4AEF-4d12-BE31-D85BF666452B}”
HKLM\Software\Classes\escort.escortIEPane\: “escortIEPane Object”
HKLM\Software\Classes\escort.escortIEPane.1\CLSID\: “{929801A8-4AEF-4d12-BE31-D85BF666452B}”
HKLM\Software\Classes\escort.escortIEPane.1\: “escortIEPane Object”
HKLM\Software\Classes\escort.escrtBtn.1\CurVer\: “escort.escrtBtn.1″
HKLM\Software\Classes\escort.escrtBtn.1\CLSID\: “{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}”
HKLM\Software\Classes\escort.escrtBtn.1\: “escrtBtn Object”
HKLM\Software\Classes\esrv.escrtSrvc\CurVer\: “esrv.escrtSrvc.1″
HKLM\Software\Classes\esrv.escrtSrvc\CLSID\: “{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}”
HKLM\Software\Classes\esrv.escrtSrvc\: “escrtSrvc Object”
HKLM\Software\Classes\esrv.escrtSrvc.1\CLSID\: “{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}”
HKLM\Software\Classes\esrv.escrtSrvc.1\: “escrtSrvc Object”
HKLM\Software\Classes\facemoods.dskBnd\CurVer\: “facemoods.dskBnd.1″
HKLM\Software\Classes\facemoods.dskBnd\CLSID\: “{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}”
HKLM\Software\Classes\facemoods.dskBnd\: “CDskBnd Object”
HKLM\Software\Classes\facemoods.dskBnd.1\CLSID\: “{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}”
HKLM\Software\Classes\facemoods.dskBnd.1\: “CDskBnd Object”
HKLM\Software\Classes\facemoods.facemoodsHlpr\CurVer\: “facemoods.facemoodsHlpr.1″
HKLM\Software\Classes\facemoods.facemoodsHlpr\CLSID\: “{64182481-4F71-486b-A045-B233BD0DA8FC}”
HKLM\Software\Classes\facemoods.facemoodsHlpr\: “CescrtHlpr Object”
HKLM\Software\Classes\facemoods.facemoodsHlpr.1\CLSID\: “{64182481-4F71-486b-A045-B233BD0DA8FC}”
HKLM\Software\Classes\facemoods.facemoodsHlpr.1\: “CescrtHlpr Object”
HKLM\Software\Classes\facemoods.xtrnl\CurVer\: “facemoods.xtrnl.1″
HKLM\Software\Classes\facemoods.xtrnl\CLSID\: “{A5B99E41-E157-4209-8AAC-DB003A816079}”
HKLM\Software\Classes\facemoods.xtrnl\: “escrtAx Object”
HKLM\Software\Classes\facemoods.xtrnl.1\CLSID\: “{A5B99E41-E157-4209-8AAC-DB003A816079}”
HKLM\Software\Classes\facemoods.xtrnl.1\: “escrtAx Object”
HKLM\Software\Classes\facemoodsApp.appCore\CurVer\: “facemoodsApp.appCore.1″
HKLM\Software\Classes\facemoodsApp.appCore\CLSID\: “{AD20D01C-C939-4dd2-8C55-56935A48987E}”
HKLM\Software\Classes\facemoodsApp.appCore\: “appCore Object”
HKLM\Software\Classes\facemoodsApp.appCore.1\CLSID\: “{AD20D01C-C939-4dd2-8C55-56935A48987E}”
HKLM\Software\Classes\facemoodsApp.appCore.1\: “appCore Object”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\Policy: 0×00000003
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\AppName: “facemoodssrv.exe”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\AppPath: “C:\Program Files\facemoods.com\facemoods\1.4.17.0″
HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant: “http://start.facemoods.com/?a=falco&s={searchTerms}&f=4″
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}: “facemoods Toolbar”
HKLM\Software\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob: 04 00 00 /…/ 4E 86 04
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\: “facemoods Helper”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\NoExplorer: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\facemoods: “”C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe” /md I”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\DisplayName: “facemoods”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\UninstallString: “”C:\Program Files\facemoods.com\facemoods\1.4.17.0\uninstall.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\NoModify: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\NoRepair: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Setup Version: “5.3.6 (a)”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: App Path: “C:\Program Files\Messenger Assist”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\InstallLocation: “C:\Program Files\Messenger Assist\”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Icon Group: “Messenger Assist”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: User: “Administrator”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Selected Tasks: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Deselected Tasks: “desktopicon,quicklaunchicon”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\DisplayName: “Messenger Assist 1.1″
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\UninstallString: “”C:\Program Files\Messenger Assist\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\QuietUninstallString: “”C:\Program Files\Messenger Assist\unins000.exe” /SILENT”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Publisher: “BookmarkSoft. IM tools”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\URLInfoAbout: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\HelpLink: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\URLUpdateInfo: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\NoModify: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\NoRepair: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\InstallDate: “20101025″
HKLM\Software\facemoods.com\facemoods\Instl\Install\SearchAssistant: “”
HKLM\Software\facemoods.com\facemoods\Instl\Install\Use Custom Search URL: 0×00000000
HKLM\Software\facemoods.com\facemoods\Instl\InstallDir: “C:\Program Files\facemoods.com\facemoods\1.4.17.0″
HKLM\Software\facemoods.com\facemoods\Instl\afltKey: “ac332ff6000000000000000c2982064b ”
HKLM\Software\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif\path: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.crx”
HKLM\Software\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif\version: “1.2.0″
HKCU\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL: 0×00000000
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\URL: “http://start.facemoods.com/?a=falco&s={searchTerms}&f=4″
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\DisplayName: “Search”
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Type: 0×00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Flags: 0×00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Count: 0×00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 2D 00 20 03
HKCU\Software\facemoods.com\facemoods\instl\Install\Start Page: “about:blank”
HKCU\Software\facemoods.com\facemoods\instl\Install\newTabSrch: “res://ieframe.dll/tabswelcome.htm”
HKCU\Software\facemoods.com\facemoods\instl\tlbrSrchUrl: “http://start.facemoods.com/?a=falco&f=3″
HKCU\Software\facemoods.com\facemoods\instl\DNSErrUrl: “http://start.facemoods.com/?a=falco&f=5″

———————————-
Values modified:9
———————————-
(-) HKLM\Software\Microsoft\Internet Explorer\AboutURLs\Tabs: "res://ieframe.dll/tabswelcome.htm"
(+) HKLM\Software\Microsoft\Internet Explorer\AboutURLs\Tabs: "http://start.facemoods.com/?a=falco&f=2"
(-) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: "about:blank"
(+) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: "http://start.facemoods.com/?a=falco"
(-) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\ShownVerifyBalloon: 0x00000002
(+) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\ShownVerifyBalloon: 0x00000003
(-) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
(+) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: "{0D7562AE-8EF6-416d-A838-AB665251703A}"
(-) HKCU\Software\Microsoft\Internet Explorer\Security\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\UserFile: 01 00 00 /…/ 9B C9 B7
(+) HKCU\Software\Microsoft\Internet Explorer\Security\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\UserFile: 01 00 00 /…/ 13 BD 6F
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0x00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0x0000000B
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 35 00 AC 03
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 20 00 DC 01
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0x00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0x0000000B
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 36 00 60 00
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 20 00 88 02

———————————-
Files added:71
———————————-

———————————-
Files deleted:1
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions.cache

———————————-
Files [attributes?] modified:2
———————————-
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

———————————-
Folders added:18
———————————-

———————————-
Total changes:560
———————————-


4 responses on “Removed: facemoods.dll, facemoodssrv.exe, facemoodsTlbr.dll, MessengerAssist.exe (adware MarketScore)”

  1. szilveszter

    Not too hard to remove, as the uninstaller is in the folder. After that you should unregister the kept DLLs with regasm (in some IE cases with regsvr32). After that, if you are using Mozilla, just remove it from users/appdata/urprofile(win 7 roaming)/mozilla/profile/xxx/extension/xxxfacemoods: just delete the whole folder and here we go. :)

  2. BobboGbg

    In Europe you have to find facemoods under C:programfacemoods. Go out into DOS and after the prompt in C:Program write erase C:facemoods and the system will ask – y or n – (in Scandinavian countries – j or n) – That will do it! If you do a reg. scan later and delete all loose connections – facemoods has disappeared.

  3. BobboGbg

    I am sorry but I was a bit hasty in my previous message, facemoods is a bit more difficult than I indicated, I will be back! For the moment the damned program has just hidden somewhere…

    I am rather interested in these small apps, programs or what you call them, I am sure that Microsoft who have opened the whole browser for those programs as they are more irritating than viruses, viruses are nothing compared to these small devils…

    I am also sure that GNU and Mozilla will gain in the end…, but they are interesting small bastards!

    Sorry…, again for my hasty message.

    bobbogbg
