Removed: facemoods.dll, facemoodssrv.exe, facemoodsTlbr.dll, MessengerAssist.exe (adware MarketScore)

October 25, 2010 by NightWatcher
Filed under: Adware : Solved!


Malware: SetupMessengerAssist.exe

Removed:
C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll
C:\Program Files\Messenger Assist\MessengerAssist.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: {64182481-4F71-486b-A045-B233BD0DA8FC}
Author: facemoods.com BHO
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\BH\FACEMOODS.DLL
Type: Browser Helper Objects

Item Name: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
Author: facemoods.com
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\FACEMOODSTLBR.DLL
Type: Toolbars

Item Name: facemoods
Author: facemoods.com
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\FACEMOODSSRV.EXE
Type: Registry Run

Item Name: Messenger Assist.lnk
Author: BookmarkSoft
Related File: C:\PROGRAM FILES\MESSENGER ASSIST\MESSENGERASSIST.EXE
Type: Common Startup Folder

Item Name: MessengerAssist.exe
Author:
Related File: C:\PROGRAM FILES\MESSENGER ASSIST\MESSENGERASSIST.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\facemoods
Value: "C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe" /md I

Folders:
C:\Documents and Settings\Administrator\Application Data\facemoods.com
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist
C:\Program Files\facemoods.com\facemoods
C:\Program Files\Messenger Assist

Files:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Messenger Assist.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Messenger Assist on the Web.url
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Messenger Assist.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Uninstall.lnk
C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.crx
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.png
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsApp.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsEng.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll
C:\Program Files\Messenger Assist\facemoods.exe
C:\Program Files\Messenger Assist\InternalUtils.dll
C:\Program Files\Messenger Assist\Interop.iTunesLib.dll
C:\Program Files\Messenger Assist\MessengerAssist.exe

—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.16160.0   2010.10.25    Gen:Adware.Heur.qq1@R8TEFdhi
Kaspersky   7.0.0.125     2010.10.25    -
Microsoft   1.6301        2010.10.24    -
NOD32       5560          2010.10.24    Win32/Adware.MarketScore.A

—————————————————————————————————————————-

MD5 8b619ceff228486a661158e448598fb5

SHA1 907f3ef94ba09be7de0e9336db8f95552e607416

SHA256 0e858b47025a2ff4be970c9ebaa676b46ae20b39903eb153eb912677f7c8c6cc

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:209
———————————-

———————————-
Values added:250
———————————-
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\: “IescrtBtn”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\TypeLib\: “{12A5F606-B1EC-474C-83ED-95E99FD8058E}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\ProxyStubClsid32\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\: “IEvntCntr”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\: “escort 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe\2″
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\: “facemoodsCmn 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\: “escorTlbr 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\: “esrv 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsEng.dll”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\: “escortEng 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsApp.dll”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\: “escortApp 1.0 Type Library”
HKLM\Software\Classes\escort.escortIEPane\CurVer\: “escort.escortIEPane.1″
HKLM\Software\Classes\escort.escortIEPane\CLSID\: “{929801A8-4AEF-4d12-BE31-D85BF666452B}”
HKLM\Software\Classes\escort.escortIEPane\: “escortIEPane Object”
HKLM\Software\Classes\escort.escortIEPane.1\CLSID\: “{929801A8-4AEF-4d12-BE31-D85BF666452B}”
HKLM\Software\Classes\escort.escortIEPane.1\: “escortIEPane Object”
HKLM\Software\Classes\escort.escrtBtn.1\CurVer\: “escort.escrtBtn.1″
HKLM\Software\Classes\escort.escrtBtn.1\CLSID\: “{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}”
HKLM\Software\Classes\escort.escrtBtn.1\: “escrtBtn Object”
HKLM\Software\Classes\esrv.escrtSrvc\CurVer\: “esrv.escrtSrvc.1″
HKLM\Software\Classes\esrv.escrtSrvc\CLSID\: “{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}”
HKLM\Software\Classes\esrv.escrtSrvc\: “escrtSrvc Object”
HKLM\Software\Classes\esrv.escrtSrvc.1\CLSID\: “{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}”
HKLM\Software\Classes\esrv.escrtSrvc.1\: “escrtSrvc Object”
HKLM\Software\Classes\facemoods.dskBnd\CurVer\: “facemoods.dskBnd.1″
HKLM\Software\Classes\facemoods.dskBnd\CLSID\: “{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}”
HKLM\Software\Classes\facemoods.dskBnd\: “CDskBnd Object”
HKLM\Software\Classes\facemoods.dskBnd.1\CLSID\: “{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}”
HKLM\Software\Classes\facemoods.dskBnd.1\: “CDskBnd Object”
HKLM\Software\Classes\facemoods.facemoodsHlpr\CurVer\: “facemoods.facemoodsHlpr.1″
HKLM\Software\Classes\facemoods.facemoodsHlpr\CLSID\: “{64182481-4F71-486b-A045-B233BD0DA8FC}”
HKLM\Software\Classes\facemoods.facemoodsHlpr\: “CescrtHlpr Object”
HKLM\Software\Classes\facemoods.facemoodsHlpr.1\CLSID\: “{64182481-4F71-486b-A045-B233BD0DA8FC}”
HKLM\Software\Classes\facemoods.facemoodsHlpr.1\: “CescrtHlpr Object”
HKLM\Software\Classes\facemoods.xtrnl\CurVer\: “facemoods.xtrnl.1″
HKLM\Software\Classes\facemoods.xtrnl\CLSID\: “{A5B99E41-E157-4209-8AAC-DB003A816079}”
HKLM\Software\Classes\facemoods.xtrnl\: “escrtAx Object”
HKLM\Software\Classes\facemoods.xtrnl.1\CLSID\: “{A5B99E41-E157-4209-8AAC-DB003A816079}”
HKLM\Software\Classes\facemoods.xtrnl.1\: “escrtAx Object”
HKLM\Software\Classes\facemoodsApp.appCore\CurVer\: “facemoodsApp.appCore.1″
HKLM\Software\Classes\facemoodsApp.appCore\CLSID\: “{AD20D01C-C939-4dd2-8C55-56935A48987E}”
HKLM\Software\Classes\facemoodsApp.appCore\: “appCore Object”
HKLM\Software\Classes\facemoodsApp.appCore.1\CLSID\: “{AD20D01C-C939-4dd2-8C55-56935A48987E}”
HKLM\Software\Classes\facemoodsApp.appCore.1\: “appCore Object”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\Policy: 0×00000003
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\AppName: “facemoodssrv.exe”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\AppPath: “C:\Program Files\facemoods.com\facemoods\1.4.17.0″
HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant: “http://start.facemoods.com/?a=falco&s={searchTerms}&f=4″
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}: “facemoods Toolbar”
HKLM\Software\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob: 04 00 00 /…/ 4E 86 04
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\: “facemoods Helper”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\NoExplorer: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\facemoods: “”C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe” /md I”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\DisplayName: “facemoods”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\UninstallString: “”C:\Program Files\facemoods.com\facemoods\1.4.17.0\uninstall.exe”"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\NoModify: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\NoRepair: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Setup Version: “5.3.6 (a)”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: App Path: “C:\Program Files\Messenger Assist”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\InstallLocation: “C:\Program Files\Messenger Assist\”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Icon Group: “Messenger Assist”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: User: “Administrator”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Selected Tasks: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Deselected Tasks: “desktopicon,quicklaunchicon”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\DisplayName: “Messenger Assist 1.1″
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\UninstallString: “”C:\Program Files\Messenger Assist\unins000.exe”"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\QuietUninstallString: “”C:\Program Files\Messenger Assist\unins000.exe” /SILENT”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Publisher: “BookmarkSoft. IM tools”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\URLInfoAbout: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\HelpLink: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\URLUpdateInfo: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\NoModify: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\NoRepair: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\InstallDate: “20101025″
HKLM\Software\facemoods.com\facemoods\Instl\Install\SearchAssistant: “”
HKLM\Software\facemoods.com\facemoods\Instl\Install\Use Custom Search URL: 0×00000000
HKLM\Software\facemoods.com\facemoods\Instl\InstallDir: “C:\Program Files\facemoods.com\facemoods\1.4.17.0″
HKLM\Software\facemoods.com\facemoods\Instl\afltKey: “ac332ff6000000000000000c2982064b ”
HKLM\Software\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif\path: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.crx”
HKLM\Software\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif\version: “1.2.0″
HKCU\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL: 0×00000000
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\URL: “http://start.facemoods.com/?a=falco&s={searchTerms}&f=4″
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\DisplayName: “Search”
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Type: 0×00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Flags: 0×00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Count: 0×00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 2D 00 20 03
HKCU\Software\facemoods.com\facemoods\instl\Install\Start Page: “about:blank”
HKCU\Software\facemoods.com\facemoods\instl\Install\newTabSrch: “res://ieframe.dll/tabswelcome.htm”
HKCU\Software\facemoods.com\facemoods\instl\tlbrSrchUrl: “http://start.facemoods.com/?a=falco&f=3″
HKCU\Software\facemoods.com\facemoods\instl\DNSErrUrl: “http://start.facemoods.com/?a=falco&f=5″

———————————-
Values modified:9
———————————-
(-) HKLM\Software\Microsoft\Internet Explorer\AboutURLs\Tabs: "res://ieframe.dll/tabswelcome.htm"
(+) HKLM\Software\Microsoft\Internet Explorer\AboutURLs\Tabs: "http://start.facemoods.com/?a=falco&f=2"
(-) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: "about:blank"
(+) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: "http://start.facemoods.com/?a=falco"
(-) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\ShownVerifyBalloon: 0x00000002
(+) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\ShownVerifyBalloon: 0x00000003
(-) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
(+) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: "{0D7562AE-8EF6-416d-A838-AB665251703A}"
(-) HKCU\Software\Microsoft\Internet Explorer\Security\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\UserFile: 01 00 00 /…/ 9B C9 B7
(+) HKCU\Software\Microsoft\Internet Explorer\Security\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\UserFile: 01 00 00 /…/ 13 BD 6F
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0x00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0x0000000B
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 35 00 AC 03
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 20 00 DC 01
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0x00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0x0000000B
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 36 00 60 00
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 20 00 88 02

———————————-
Files added:71
———————————-

———————————-
Files deleted:1
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions.cache

———————————-
Files [attributes?] modified:2
———————————-
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

———————————-
Folders added:18
———————————-

———————————-
Total changes:560
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com



Written by

Malware Hunter.

Comments

4 Comments on Removed: facemoods.dll, facemoodssrv.exe, facemoodsTlbr.dll, MessengerAssist.exe (adware MarketScore)

  1. szilveszter on Sun, 6th Feb 2011 8:37 am

     Not too hard to remove, as the uninstaller is in the folder. After that u should unregister the kept dll-s with regasm (in some IE cases with regsvr32). After that, if u are using Mozilla, just remove it from users/appdata/urprofile(win 7 roaming)/mozilla/profile/xxx/extension/xxxfacemoods: just delete the whole folder and here we go. :)

  2. NightWatcher on Sun, 6th Feb 2011 7:04 pm

     :)

  3. BobboGbg on Mon, 15th Aug 2011 2:50 am

     In Europe you have to find facemoods under C:programfacemoods. Go out into DOS and after the prompt in C:Program write erase C:facemoods and the system will ask – y or n – (in Scandinavian countries – j or n) – That will do it! If you do a reg. scan later and delete all loose connections – facemoods has disappeared.

  4. BobboGbg on Mon, 15th Aug 2011 4:38 am

     I am sorry but I was a bit hasty in my previous message, facemoods is a bit more difficult than I indicated, I will be back! For the moment the damned program has just hidden somewhere…

     I am rather interested in these small apps, programs or what you call them, I am sure that Microsoft who have opened the whole browser for those programs as they are more irritating than viruses, viruses are nothing compared to these small devils…

     I am also sure that GNU and Mozilla will gain in the end…, but they are interesting small bastards!

     Sorry…, again for my hasty message.

     bobbogbg
